CVE-2026-9447: SourceCodester Simple POS and Inventory System search.php SQL injection
Published May 25, 2026
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /user/search.php. Manipulating the argument Name results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.
Affected Software
1 affected component
SourceCodester Simple POS and Inventory System = 1.0
Event History
May 25, 2026
CVE Published via MITRE · 09:45 AM
Data Sourced via MITRE · 09:45 AM
Frequently Asked Questions
1. What is the severity of CVE-2026-9447?
CVE-2026-9447 has a high severity score of 7.3.
2. How do I fix CVE-2026-9447?
To fix CVE-2026-9447, ensure that input validation and prepared statements are implemented in the search.php file to mitigate SQL injection risks.
3. What type of vulnerability is CVE-2026-9447?
CVE-2026-9447 is categorized as an SQL injection vulnerability.
4. Can CVE-2026-9447 be exploited remotely?
Yes, CVE-2026-9447 can be exploited remotely through the search.php file.
5. Which software is affected by CVE-2026-9447?
CVE-2026-9447 affects SourceCodester Simple POS and Inventory System version 1.0.