Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function.
https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html