Pharmacy Mangment System

CVEs (2)

• CVE-2026-31070CriMay 19, 2026
  Lalanachami

  Pharmacy Mangment System
  risk 0.64cvss 9.8epss 0.00

  The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body

• CVE-2026-31071CriMay 19, 2026
  Lalanachami

  Pharmacy Mangment System
  risk 0.59cvss 9.1epss 0.00

  API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt password hashes) via /api/user/getUserData, modify drug inventory, and access private medical prescription data via /api/doctorOder.