A vulnerability described as critical has been identified in SourceCodester Simple POS and Inventory System 1.0 . The affected element is an unknown function of the file /admin/edit_customer.php . Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2026-9446 . The attack can be executed remotely. Additionally, an exploit exists.