EUVD-2026-22012

CVE-2026-6187
Severity: MEDIUM
CVSS 4.0 score: 6.9
Published: 2026-04-13
Source: VulDB
GitHub advisory: GHSA-qprq-3xhq-p84p

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 13, 2026 - 16:43 (vuln.today)
Severity Changed: Apr 13, 2026 - 16:22 (NVD), HIGH to MEDIUM
CVSS Changed: Apr 13, 2026 - 16:22 (NVD), 7.3 (HIGH) to 6.9 (MEDIUM)

Description (NVD)

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used.

Analysis (AI)

SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /ajax.php?action=chk_prod_availability, enabling unauthorized data access and modification. The vulnerability has a publicly available exploit and carries a CVSS score of 6.9 with confirmed proof-of-concept code available on GitHub.
