Description
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch Now
AI Analysis

Impact

A flaw in Pharmacy Point of Sale System v1.0 allows attackers to inject arbitrary SQL statements via the /pharmacy/view_receipt.php page, potentially exposing or altering sensitive data in the database. The vulnerability is classified as an SQL injection (CWE‑89) flaw. No additional details about input handling are provided in the advisory.

Affected Systems

The affected product is Pharmacy Point of Sale System version 1.0. No vendor information is supplied by the CNA; the system runs the sourcecodester code package.

Risk and Exploitability

The vulnerability carries a CVSS base score of 9.8, indicating critical severity and potential impact on confidentiality and integrity of the underlying database. The EPSS score of less than 1% suggests a very low probability of current exploitation. The vulnerability is not listed in the CISA KEV catalog. The flaw can be triggered by sending a specially crafted HTTP request to the exposed PHP page, so the likely attack vector is remote web‑based, though specific authentication requirements are not detailed in the advisory.

Generated by OpenCVE AI on April 18, 2026 at 19:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched or newer version of the Pharmacy Point of Sale System if available.
  • Implement input validation and use prepared statements to prevent direct injection of user data into SQL queries.
  • Restrict database user permissions to the minimal scope required by the application.
  • Deploy a web application firewall to detect and block SQL injection patterns.
  • Monitor application logs for suspicious query activity.

Generated by OpenCVE AI on April 18, 2026 at 19:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in Pharmacy Point of Sale System v1.0

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester pharmacy Point Of Sale System
Vendors & Products Sourcecodester
Sourcecodester pharmacy Point Of Sale System

Tue, 03 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 pharmacy Point Of Sale System
Weaknesses CWE-89
CPEs cpe:2.3:a:oretnom23:pharmacy_point_of_sale_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 pharmacy Point Of Sale System
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 02 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php.
References

Subscriptions

Oretnom23 Pharmacy Point Of Sale System
Sourcecodester Pharmacy Point Of Sale System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T20:32:47.948Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26706

cve-icon Vulnrichment

Updated: 2026-03-03T20:32:38.908Z

cve-icon NVD

Status : Modified

Published: 2026-03-02T18:16:26.793

Modified: 2026-03-03T21:15:59.683

Link: CVE-2026-26706

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T19:45:08Z

Weaknesses