CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/27 4:45 a.m.•27 views

CVE-2026-7088 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

7.5CVSS0.00254EPSS

EUVD•added 2026/04/27 4:45 a.m.•3 views

EUVD-2026-25772

7.5CVSS5.5AI score0.00254EPSS

Vulnrichment•added 2026/04/27 4:45 a.m.•1 views

CVE-2026-7088 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

7.5CVSS7.3AI score0.00254EPSS

ATTACKERKB•added 2026/04/27 4:45 a.m.•6 views

CVE-2026-7088

7.5CVSS5.5AI score0.00254EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/27 4:30 a.m.•4 views

CVE-2026-7087 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

CVE•added 2026/04/27 4:30 a.m.•7 views

CVE-2026-7087

SourceCodester Pharmacy Sales and Inventory System 1.0 contains a SQL injection in /ajax.php?action=save_sales via manipulation of the ID parameter. The flaw is triggered remotely, allowing an attacker to influence the database query. The exploit is public and may be used for attacks. The descrip...

7.5CVSS7.3AI score0.00254EPSS

Cvelist•added 2026/04/27 4:30 a.m.•31 views

CVE-2026-7087 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

7.5CVSS0.00254EPSS

ATTACKERKB•added 2026/04/27 4:30 a.m.•4 views

CVE-2026-7087

7.5CVSS5.4AI score0.00254EPSS

Exploits0References5Affected Software1

EUVD•added 2026/04/27 2:26 a.m.•1 views

EUVD-2026-25769

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personaloptionsupdate action accessible by any...

8.8CVSS5.2AI score0.00307EPSS

Exploits0References8

Positive Technologies•added 2026/04/27 12:0 a.m.•4 views

PT-2026-35420

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save category. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released ...

CNNVD•added 2026/04/27 12:0 a.m.•5 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which stems from the handling of parameter ID...

CNNVD•added 2026/04/27 12:0 a.m.•4 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

CNNVD•added 2026/04/27 12:0 a.m.•7 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

Positive Technologies•added 2026/04/27 12:0 a.m.•5 views

PT-2026-35344

Name of the Vulnerable Software and Affected Versions Highland Software Custom Role Manager versions prior to 1.0.1 Description The Highland Software Custom Role Manager plugin for WordPress allows privilege escalation due to insufficient authorization checks in the hscrm save user roles function...

8.8CVSS5.8AI score0.00307EPSS

Exploits0References15

Positive Technologies•added 2026/04/27 12:0 a.m.•1 views

PT-2026-35541

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save product. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

Positive Technologies•added 2026/04/27 12:0 a.m.•4 views

PT-2026-35518

Name of the Vulnerable Software and Affected Versions Pimcore version 12.3.3 Description An authenticated administrative user with permissions to import or save DataObject class definitions can inject malicious composite index metadata. This action allows the execution of unintended SQL commands ...

7CVSS6AI score0.00346EPSS

Exploits0References13

Positive Technologies•added 2026/04/27 12:0 a.m.•6 views

PT-2026-35430

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save type. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit ha...

CNNVD•added 2026/04/27 12:0 a.m.•9 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper...

7.5CVSS7.1AI score0.00254EPSS

Positive Technologies•added 2026/04/27 12:0 a.m.•8 views

PT-2026-35353

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save sales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...