Web-based Pharmacy Product Management System CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-63712	2 Senior-walter, Sourcecodester	2 Web-based Pharmacy Product Management System, Product Expiry Management System	2025-11-18	4.5 Medium
Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.
CVE-2025-56018	2 Seniorwalter, Sourcecodester	2 Web-based Pharmacy Product Management System, Web-based Pharmacy Product Management System	2025-10-07	6.1 Medium
SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.

Page 1 of 1.