| CVE-2025-56274 | Hig | 0.53 | 8.1 | 0.00 | | Sep 15, 2025 | SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users. |
| CVE-2026-30573 | Hig | 0.49 | 7.5 | 0.00 | | Apr 1, 2026 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales transactions. This leads to incorrect financial calculations, corruption of sales reports, and potential financial loss. |
| CVE-2026-30576 | Hig | 0.49 | 7.5 | 0.00 | | Mar 27, 2026 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs. |
| CVE-2026-30575 | Hig | 0.49 | 7.5 | 0.00 | | Mar 27, 2026 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level instead of increasing it, leading to inventory corruption and potential Denial of Service by depleting stock records. |
| CVE-2026-30574 | Hig | 0.49 | 7.5 | 0.00 | | Mar 27, 2026 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock. |
| CVE-2025-3783 | Med | 0.41 | 6.3 | 0.00 | | Apr 18, 2025 | A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-56018 | Med | 0.40 | 6.1 | 0.00 | | Sep 30, 2025 | SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field. |
| CVE-2026-3766 | Low | 0.23 | 3.5 | 0.00 | | Mar 8, 2026 | A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. |
| CVE-2026-3401 | Low | 0.20 | 3.1 | 0.00 | | Mar 2, 2026 | A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks. |
