CVE-2026-9447
HighSummary
A vulnerability was found in Simple POS and Inventory System 1.0 that allows SQL injection through manipulation of the 'Name' argument in the /user/search.php file. The attack can be performed remotely.
Risk Assessment
Exploitation of this vulnerability could lead to unauthorized access to the database, posing a serious threat to the integrity and confidentiality of the organization's data.
Recommendation
It is recommended to update the system to the latest version and implement input filtering and validation to prevent SQL injection attacks.
Original NVD description (English source)
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

