Submit #775169: SourceCodester Sales and Inventory System 1.0 SQL Injection

Title: SourceCodester Sales and Inventory System 1.0 SQL Injection
Description: A SQL injection vulnerability exists in Inventory System version 1.0. The vulnerability occurs in the view_supplier.php file, where the searchtxt HTTP POST parameter is not properly sanitized. This allows an authenticated attacker to inject arbitrary SQL commands, leading to data exfiltration and database enumeration.
Source: https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-ViewSupplier-searchtxt.md
User: Anonymous User
Submission: 03/08/2026 15:19 (29 days ago)
Moderation: 03/24/2026 16:11 (16 days later)
Status: Accepted
VulDB entry: 352795 [SourceCodester Sales and Inventory System 1.0 POST Parameter view_supplier.php searchtxt sql injection]
Points: 19
