EUVD-2026-22016
GHSA-f7v4-47q7-f3fq
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the Username parameter in /ajax.php?action=login. The vulnerability enables low-complexity attacks requiring no user interaction, with publicly available exploit code (EPSS probability data not provided, not listed in CISA KEV). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all instances of SourceCodester Pharmacy Sales and Inventory System 1.0 in production and isolate affected systems from external networks if operationally feasible. Within 7 days: Implement Web Application Firewall (WAF) rules blocking SQL injection patterns in the /ajax.php?action=login endpoint; apply input validation and parameterized queries if internal development resources are available. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today