High severity7.5NVD Advisory· Published Apr 1, 2026· Updated Apr 7, 2026
CVE-2026-30573
CVE-2026-30573
Description
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales transactions. This leads to incorrect financial calculations, corruption of sales reports, and potential financial loss.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*
- Range: =1.0
Patches
Vulnerability mechanics
References
1- github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-NegativePrice.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.