Medium severity6.3NVD Advisory· Published May 25, 2026· Updated May 26, 2026
CVE-2026-9445
CVE-2026-9445
Description
A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 1.0
Patches
Vulnerability mechanics
References
5News mentions
1- Sourcecodester: 19 CVEs Across Six Products Disclosed in Three-Day BatchVypr Intelligence · May 26, 2026