Description
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php.
Published: 2026-03-03
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL injection vulnerability
Action: Apply Patch
AI Analysis

Impact

Sourcecodester Pharmacy Point of Sale System version 1.0 contains a SQL injection flaw in the manage_product.php endpoint. This weakness allows an attacker to inject arbitrary SQL statements through unsanitized input, potentially enabling unauthorized data retrieval, modification, or deletion within the underlying database. It is identified as CWE‑89, indicating a lack of proper input handling before query execution.

Affected Systems

The affected product is Sourcecodester Pharmacy Point of Sale System v1.0, which hosts the /pharmacy/manage_product.php page on web servers. No other versions or variants are listed in the advisory, so the vulnerability is limited to this specific release.

Risk and Exploitability

With a CVSS score of 2.7 the risk is considered low to moderate. The EPSS score is below 1%, indicating a very low likelihood of exploitation. Attackers could likely exploit it remotely by sending specially crafted HTTP requests to the manage_product.php endpoint, assuming the application does not enforce strict input validation or use parameterized queries.

Generated by OpenCVE AI on April 17, 2026 at 13:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the application to a vendor‑provided patch or newer version that removes the SQL injection flaw.
  • Refactor the manage_product.php code to employ prepared statements or query parameterization for all database operations.
  • Implement input validation and sanitization for all parameters received at manage_product.php before they are used in SQL queries.

Generated by OpenCVE AI on April 17, 2026 at 13:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Pharmacy Point of Sale System 1.0

Wed, 04 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester pharmacy Point Of Sale System
Vendors & Products Sourcecodester
Sourcecodester pharmacy Point Of Sale System

Wed, 04 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 pharmacy Point Of Sale System
CPEs cpe:2.3:a:oretnom23:pharmacy_point_of_sale_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 pharmacy Point Of Sale System

Tue, 03 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php.
References

Subscriptions

Oretnom23 Pharmacy Point Of Sale System
Sourcecodester Pharmacy Point Of Sale System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T20:36:18.782Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26890

cve-icon Vulnrichment

Updated: 2026-03-03T20:29:23.498Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T18:16:25.610

Modified: 2026-03-04T14:04:59.877

Link: CVE-2026-26890

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:30:19Z

Weaknesses