What is the CVSS score of CVE-2026-30574?

CVE-2026-30574 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of PHP are affected by CVE-2026-30574?

CVE-2026-30574 presents notable security risk rated CVSS 7.5. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2026-30574?

Yes, a public proof-of-concept exploit is available for CVE-2026-30574. Prioritise patching immediately. EPSS: 0.0%.

PHP CVE-2026-30574

EUVD-2026-16706 HIGH

Improper Enforcement of Behavioral Workflow (CWE-841)

2026-03-27 mitre

GHSA-3wqr-83x4-348r

PHP Information Disclosure

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

PoC Detected

Mar 31, 2026 - 18:03 vuln.today

Public exploit code

EUVD ID Assigned

Mar 27, 2026 - 16:45 euvd

EUVD-2026-16706

Analysis Generated

Mar 27, 2026 - 16:45 vuln.today

CVE Published

Mar 27, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock.

AnalysisAI

SourceCodester Pharmacy Product Management System 1.0 fails to enforce inventory constraints in the add-sales.php module, allowing attackers to create sales transactions for quantities that exceed available stock levels. This business logic flaw enables overselling scenarios where the system processes orders without validating stock availability, potentially leading to negative inventory records and operational disruption. …

RemediationAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-30574 vulnerability details – vuln.today

Back

PHP CVE-2026-30574

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code