A vulnerability marked as critical has been reported in SourceCodester Simple POS and Inventory System 1.0 . Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler . This manipulation of the argument image causes unrestricted upload. This vulnerability is registered as CVE-2026-9445 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.