12 matches found
CVE-2026-7392
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function deletesupplier of the file /ajax.php?action=deletesupplier. Such manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit has been...
CVE-2026-7281 SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. Th...
PT-2026-35726
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. Th...
SourceCodester Pharmacy Sales and Inventory System Cross-Site Scripting Vulnerability
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability stems from the...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the get_material_requests_based_on_supplier() function in erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection via the txt parameter, enabling an attacker to extract data from the database. Root cause: unsafe SQL handling in the func...
CVE-2025-10415
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=savesupplier. Executing manipulation of the argument ID can lead to SQL injection. The attack may be performed from remote. The exploit has been public...
CVE-2025-10416
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletesupplier. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly...
CVE-2023-46450
Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function...
CVE-2023-46450
Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function...
PT-2023-30030 · Sourcecodester · Sourcecodester Free/Open Source Inventory Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Free and Open Source inventory management system version 1.0. Description: The issue is related to Cross Site Scripting (XSS) via the Add supplier function. This means an attacker could potentially inject malicious scripts into th...
Inventory Management System Cross-Site Scripting Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System version 1.0 due to a cross-site scripting (XSS) vulnerability in the Add supplier function...