Which versions of Pharmacy Sales and Inventory System are affected by CVE-2026-7127?

SourceCodester Pharmacy Sales and Inventory System 1.0 contains an unauthenticated SQL injection vulnerability in the receiving module that allows attackers to read, modify, or delete critical…

Is there a public PoC exploit available for CVE-2026-7127?

Yes, a public proof-of-concept exploit is available for CVE-2026-7127. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-7127?

Within 24 hours: Identify and inventory all instances of SourceCodester Pharmacy Sales and Inventory System 1.0 in your environment and document network exposure. Restrict network access to the application using firewall rules-block external access to port(s) hosting the application, and limit to authorized users only via VPN or air-gap if internet access is required. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns targeting /ajax.php?action=delete_receiving parameter; monitor access logs for exploitation attempts. Within 30 days: Contact SourceCodester for patch timeline; evaluate migration to a supported pharmacy management system with current security patches, or conduct code review and custom remediation if vendor timeline is unacceptable.

Pharmacy Sales and Inventory System CVE-2026-7127

Q: What is the CVSS score of CVE-2026-7127?

CVE-2026-7127 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25851 MEDIUM

SQL Injection (CWE-89)

2026-04-27 VulDB

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Severity Changed

Apr 27, 2026 - 14:22 NVD

HIGH MEDIUM

CVSS changed

Apr 27, 2026 - 14:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

Analysis Generated

Apr 27, 2026 - 14:00 vuln.today

EUVD ID Assigned

Apr 27, 2026 - 13:30 euvd

EUVD-2026-25851

Analysis Generated

Apr 27, 2026 - 13:30 vuln.today

CVE Published

Apr 27, 2026 - 13:16 nvd

MEDIUM 5.5

DescriptionNVD

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to read, modify, or delete database records via the ID parameter in /ajax.php?action=delete_receiving. Publicly available exploit code (GitHub POC) demonstrates working attack against default installations with no authentication required (CVSS AV:N/AC:L/PR:N). …

RemediationAI

Within 24 hours: Identify and inventory all instances of SourceCodester Pharmacy Sales and Inventory System 1.0 in your environment and document network exposure. Restrict network access to the application using firewall rules-block external access to port(s) hosting the application, and limit to authorized users only via VPN or air-gap if internet access is required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7127 vulnerability details – vuln.today

Back

Pharmacy Sales and Inventory System CVE-2026-7127

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Pharmacy Sales and Inventory System CVE-2026-7127

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code