A vulnerability classified as critical has been found in SourceCodester Simple POS and Inventory System 1.0 . The impacted element is an unknown function of the file /user/search.php . Performing a manipulation of the argument Name results in sql injection. This vulnerability is reported as CVE-2026-9447 . The attack is possible to be carried out remotely. Moreover, an exploit is present.