A vulnerability labeled as critical has been found in SourceCodester Simple POS and Inventory System 1.0 . This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler . The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-9444 . The attack may be launched remotely. Furthermore, there is an exploit available.