High severity7.5NVD Advisory· Published Mar 27, 2026· Updated Mar 31, 2026
CVE-2026-30576
CVE-2026-30576
Description
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*
- Range: =1.0
Patches
Vulnerability mechanics
References
1- github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddStock-NegativePrice.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.