Skip to main content

SourceCodester Pharmacy System EUVD-2026-28416

| CVE-2026-8083 MEDIUM
SQL Injection (CWE-89)
2026-05-07 VulDB GHSA-mv88-fcpc-wrmw
PHP SQLi
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 07, 2026 - 19:48 vuln.today
Severity Changed
May 07, 2026 - 19:22 NVD
HIGH MEDIUM
CVSS changed
May 07, 2026 - 19:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)
CVE Published
May 07, 2026 - 18:15 nvd
MEDIUM 5.5

DescriptionNVD

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

AnalysisAI

SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via the ID parameter in /ajax.php?action=save_user. The vulnerability has a publicly available exploit and CVSS 5.5 score reflecting limited confidentiality, integrity, and availability impact on the vulnerable component.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-28416 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy