CVE-2026-7127

SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

CVSS 6.9 MEDIUMEPSS 0.3%CWE-74 CWE-89

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

SourceCodester · Pharmacy Sales and Inventory System

PoCs públicas encontradas — 1

cve_referencegithub.com/y1shiny1shin/vuldb-project/issues/1no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/y1shiny1shin/vuldb-project/issues/1 https://vuldb.com/submit/800972 https://vuldb.com/vuln/359726 https://vuldb.com/vuln/359726/cti https://www.sourcecodester.com/