Description
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data access and potential modification
Action: Assess Impact
AI Analysis

Impact

An SQL injection flaw exists in the Pharmacy Point of Sale System version 1.0, specifically in the /pharmacy/view_supplier.php module. Attackers able to craft malicious input can inject arbitrary SQL statements, enabling enumeration of database contents, extraction of sensitive records, and modification or deletion of data. The vulnerability permits unauthorized disclosure of customer and supplier information and could lead to integrity violations.

Affected Systems

Targeted applications are the open‑source Pharmacy Point of Sale System released by oretnom23, version 1.0. No other versions are listed. The vulnerable code resides in the web front‑end, exposing the flaw to HTTP requests.

Risk and Exploitability

With a CVSS score of 9.8, the flaw is considered critical. The EPSS value is below 1 %, indicating current exploitation likelihood is low but not impossible; however, the absence from KEV suggests no publicly known exploits yet. The attack vector is inferred to be remote, as the vulnerable endpoint is reachable over the network. Successful exploitation would immediately compromise confidentiality and integrity of the underlying database, potentially allowing a remote attacker to read, modify, or delete data.

Generated by OpenCVE AI on April 16, 2026 at 14:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an update or migrate to a newer version of the Pharmacy Point of Sale System that eliminates the SQL injection flaw; if no official patch is available, consider switching to a more secure alternative.
  • Restrict access to the /pharmacy/view_supplier.php URL using firewall rules, authentication, or IP whitelisting to limit exposure to trusted users only.
  • Implement robust input validation and use prepared statements or parameterized queries in the application to prevent SQL injection.
  • Continuously monitor web server and database logs for suspicious activity and anomalous queries.

Generated by OpenCVE AI on April 16, 2026 at 14:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Title Pharmacy Point of Sale System v1.0 Remote SQL Injection in view_supplier.php

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester pharmacy Point Of Sale System
Vendors & Products Sourcecodester
Sourcecodester pharmacy Point Of Sale System

Tue, 03 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 pharmacy Point Of Sale System
Weaknesses CWE-89
CPEs cpe:2.3:a:oretnom23:pharmacy_point_of_sale_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 pharmacy Point Of Sale System
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 02 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php.
References

Subscriptions

Oretnom23 Pharmacy Point Of Sale System
Sourcecodester Pharmacy Point Of Sale System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T20:31:12.429Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26707

cve-icon Vulnrichment

Updated: 2026-03-03T20:31:07.324Z

cve-icon NVD

Status : Modified

Published: 2026-03-02T18:16:26.903

Modified: 2026-03-03T21:15:59.870

Link: CVE-2026-26707

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:00:14Z

Weaknesses