Skip to main content

SourceCodester Pharmacy Sales and Inventory System CVE-2026-7128

| EUVD-2026-25852 MEDIUM
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-04-27 cna@vuldb.com
PHP SQLi
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
Analysis Generated
Apr 27, 2026 - 14:33 vuln.today
EUVD ID Assigned
Apr 27, 2026 - 14:22 euvd
EUVD-2026-25852
Analysis Generated
Apr 27, 2026 - 14:22 vuln.today
CVE Published
Apr 27, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionNVD

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

AnalysisAI

SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to manipulate the ID parameter in /ajax.php?action=save_type, enabling arbitrary SQL query execution with confidentiality and integrity impact. Publicly disclosed exploit code is available, significantly increasing real-world risk despite the moderate CVSS score of 6.9.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-7128 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy