Description
A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks.
Published: 2026-03-02
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Session Expiration)
Action: Apply Fix
AI Analysis

Impact

A weakness in the SourceCodester Web-based Pharmacy Product Management System allows an attacker to manipulate session handling, causing the system to forcibly expire user sessions. This manipulation can lead to denial of service by disrupting legitimate user activity. The CVE notes that remote exploitation is possible and the public has released a proof‑of‑concept tool, although the complexity of the attack is considered high and the exploit requires considerable effort. The impact is limited to service availability and does not appear to expose confidential data or enable further privilege escalation.

Affected Systems

SourceCodester Web-based Pharmacy Product Management System 1.0.

Risk and Exploitability

The vulnerability carries a CVSS score of 2.3, indicating a low overall risk. The EPSS score is below 1 %, showing a very low probability that exploits are actively being used, and the issue is not listed in the CISA KEV catalog. The attack vector is remote and requires high complexity skills, but the exploit is publicly available. Given the low score and difficulty, the threat remains primarily a potential denial of service rather than a critical exploitation vector.

Generated by OpenCVE AI on April 16, 2026 at 14:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update or patch the SourceCodester Web-based Pharmacy Product Management System to a version that correctly implements session expiration and invalidation policies.
  • Review and strengthen the session‑management code to ensure that session tokens are invalidated on logout, use secure cookie flags, and apply a short idle timeout.
  • Limit the exposure of session‑management endpoints to authenticated users only, and monitor logs for abnormal or repeated session termination events.

Generated by OpenCVE AI on April 16, 2026 at 14:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 03 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Senior-walter
Senior-walter web-based Pharmacy Product Management System
CPEs cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Senior-walter
Senior-walter web-based Pharmacy Product Management System

Mon, 02 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester web-based Pharmacy Product Management System
Vendors & Products Sourcecodester
Sourcecodester web-based Pharmacy Product Management System

Mon, 02 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks.
Title SourceCodester Web-based Pharmacy Product Management System session expiration
Weaknesses CWE-613
References
Metrics cvssV2_0

{'score': 2.1, 'vector': 'AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Senior-walter Web-based Pharmacy Product Management System
Sourcecodester Web-based Pharmacy Product Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-02T15:40:51.662Z

Reserved: 2026-03-01T06:43:59.046Z

Link: CVE-2026-3401

cve-icon Vulnrichment

Updated: 2026-03-02T15:40:46.621Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-02T01:16:02.563

Modified: 2026-03-03T19:47:49.850

Link: CVE-2026-3401

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T14:45:25Z

Weaknesses