Description
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.
Published: 2026-03-03
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

The Pharmacy Point of Sale System version 1.0 contains an unsanitized input handling flaw in the /pharmacy/manage_stock.php endpoint. This flaw allows an attacker to inject arbitrary SQL statements, leading to unauthorized data disclosure, modification, or deletion. The weakness is formally classified under CWE-89, indicating a lack of proper data validation before use in an SQL statement. The potential impact is limited to the database accessed by the application and does not provide arbitrary code execution or system compromise beyond the bounds of the application’s database permissions.

Affected Systems

The only affected product is the Sourcecodester Pharmacy Point of Sale System, version 1.0, as identified by the CPE entry for oretnom23. No other vendor or product variants are listed as affected.

Risk and Exploitability

The CVSS score of 2.7 indicates a low severity assessment, and the EPSS score is reported to be less than 1 percent, suggesting low likelihood of exploitation in the wild. This vulnerability is not catalogued in the CISA KEV database. The likely attack vector is a remote web-based attacker who can send crafted input to the manage_stock.php endpoint, potentially through user interfaces or other susceptible channels. While the score reflects limited impact, the presence of a classic SQL injection flaw warrants timely remediation.

Generated by OpenCVE AI on April 17, 2026 at 13:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the vendor’s official patch or upgraded release for Pharmacy Point of Sale System v1.0
  • Modify the application to use parameterized queries or prepared statements for all database interactions in manage_stock.php
  • Validate and sanitize all user-supplied input parameters before incorporating them into SQL statements

Generated by OpenCVE AI on April 17, 2026 at 13:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Pharmacy Point of Sale System 1.0

Wed, 04 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester pharmacy Point Of Sale System
Vendors & Products Sourcecodester
Sourcecodester pharmacy Point Of Sale System

Wed, 04 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 pharmacy Point Of Sale System
CPEs cpe:2.3:a:oretnom23:pharmacy_point_of_sale_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 pharmacy Point Of Sale System

Tue, 03 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.
References

Subscriptions

Oretnom23 Pharmacy Point Of Sale System
Sourcecodester Pharmacy Point Of Sale System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T20:36:18.512Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26888

cve-icon Vulnrichment

Updated: 2026-03-03T20:28:47.172Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T20:16:48.880

Modified: 2026-03-04T03:58:31.857

Link: CVE-2026-26888

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:30:19Z

Weaknesses