Description
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level instead of increasing it, leading to inventory corruption and potential Denial of Service by depleting stock records.
Published: 2026-03-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via inventory depletion
Action: Immediate Patch
AI Analysis

Impact

A business‑logic flaw in the add‑stock handling of the Pharmacy Product Management System allows the quantity field to accept negative values. When submitted, these values are applied as reductions, causing the inventory count to decrease instead of increase. This corruption can lead to critical stock records being depleted, potentially disrupting supply chains and causing application instability.

Affected Systems

The vulnerability affects Senior‑Walter Web‑Based Pharmacy Product Management System version 1.0. No other vendor or product versions are currently known to be impacted.

Risk and Exploitability

The flaw has a CVSS score of 7.5, indicating high severity, but its EPSS score is below 1% and it is not listed in CISA’s KEV catalog, suggesting a low probability of widespread exploitation. The likely attack vector is a web‑application user interacting with the add‑stock form, either as an authorized operator or as an external user if the form is exposed publicly. Exploitation requires submitting the form with a negative quantity; proper input validation would block this path.

Generated by OpenCVE AI on March 31, 2026 at 20:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest released version of the Pharmacy Product Management System if one is available.
  • If an update is not available, modify add‑stock.php to validate the txtqty parameter and reject negative values before processing.
  • Verify current inventory levels and restore accurate counts if corruption has occurred.
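
One way to implement the txtqty check recommended above, as an added example that is not the project's own code. The function name `parse_stock_quantity`, the `MAX_STOCK_ENTRY` bound and the handler wiring in the final comment are assumptions, and the `mixed` type hint requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical upper bound for a single stock entry; choose per deployment.
const MAX_STOCK_ENTRY = 100000;

/**
 * Parse the raw "txtqty" form value for a stock *addition*.
 * Returns the quantity as an int, or null if the value must be rejected.
 */
function parse_stock_quantity(mixed $raw): ?int
{
    // Arrays (txtqty[]=1) and missing fields are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // Digits only: rejects "-5", "+5", "5.5", "1e3", " 5", "0x10" and "".
    // The length limit keeps the (int) cast below from overflowing.
    if (!preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    $qty = (int) $raw;
    // Zero is not a stock addition; oversized values are errors or abuse.
    if ($qty < 1 || $qty > MAX_STOCK_ENTRY) {
        return null;
    }
    return $qty;
}

// Constructed sample inputs, as they would arrive in $_POST['txtqty'].
$samples = ['25', '-25', '0', '5.5', '1e3', ' 7', '999999999', ['1'], null];
foreach ($samples as $raw) {
    $qty = parse_stock_quantity($raw);
    printf("%-14s => %s\n", json_encode($raw), $qty === null ? 'REJECT' : "accept $qty");
}

// Hypothetical wiring in the request handler, before any database update:
// $qty = parse_stock_quantity($_POST['txtqty'] ?? null);
// if ($qty === null) { http_response_code(400); exit('Invalid quantity'); }
```

The check must run server-side; an HTML `min` attribute on the form field does not stop a crafted request.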

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Negative Quantity Stock Entry Exploit in Pharmacy Management System

Tue, 31 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Senior-walter
Senior-walter web-based Pharmacy Product Management System
CPEs cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Senior-walter
Senior-walter web-based Pharmacy Product Management System

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester pharmacy Product Management System
Vendors & Products Sourcecodester
Sourcecodester pharmacy Product Management System

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Negative Quantity Stock Depletion Vulnerability in Pharmacy Product Management System

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Negative Quantity Stock Depletion Vulnerability in Pharmacy Product Management System

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
CWE-20
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Description A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level instead of increasing it, leading to inventory corruption and potential Denial of Service by depleting stock records.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-27T19:00:29.848Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30575

Vulnrichment

Updated: 2026-03-27T18:59:49.944Z

NVD

Status: Analyzed

Published: 2026-03-27T17:16:28.947

Modified: 2026-03-31T17:59:06.013

Link: CVE-2026-30575

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:11:54Z

Weaknesses