Submit #775171: SourceCodester Sales and Inventory System 1.0 SQL Injectioninfo

TitleSourceCodester Sales and Inventory System 1.0 SQL Injection
DescriptionA SQL injection vulnerability exists in Inventory System version 1.0. The vulnerability occurs in the update_category.php file, where the sid HTTP GET parameter is not properly sanitized. This allows an authenticated attacker to inject arbitrary SQL commands.
Source⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-UpdateCategory-sid.md
User
 Anonymous User
Submission03/08/2026 15:29 (29 days ago)
Moderation03/24/2026 16:11 (16 days later)
StatusAccepted
VulDB entry352796 [SourceCodester Sales and Inventory System 1.0 HTTP GET Parameter update_category.php sid sql injection]
Points18

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!