Sourcecodester Simple Pos Inventory System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sourcecodester Simple Pos Inventory System.
By the Year
In 2026 there have been 4 vulnerabilities in Sourcecodester Simple Pos Inventory System with an average score of 5.8 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 5.75 |
It may take a day or so for new Simple Pos Inventory System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sourcecodester Simple Pos Inventory System Security Vulnerabilities
SQL Injection in SourceCodester Simple POS 1.0 via /user/search.php Name parameter
CVE-2026-9447
7.3 - High
- May 25, 2026
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
SQL Injection
SQL Injection in SourceCodester Simple POS v1.0 (edit_customer.php ID)
CVE-2026-9446
4.7 - Medium
- May 25, 2026
A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SourceCodester Simple POS 1.0 Unrestricted File Upload in /admin/addproduct.php
CVE-2026-9445
6.3 - Medium
- May 25, 2026
A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Unrestricted File Upload
SQLi in SourceCodester Simple POS 1.0 deleteproduct.php via GET ID
CVE-2026-9444
4.7 - Medium
- May 25, 2026
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sourcecodester Simple Pos Inventory System or by Sourcecodester? Click the Watch button to subscribe.
