Lucene search
K

371 matches found

RedhatCVE
RedhatCVE
added 2026/05/20 7:57 p.m.8 views

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 12:0 a.m.12 views

EUVD-2026-30945

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

5.8AI score0.00476EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

Pharmacy Management System 安全漏洞

The Pharmacy Management System MPMS is a multilingual pharmacy management system developed by Mayuri K. The Pharmacy Management System 5c3d028 version has a security vulnerability. This vulnerability stems from the /api/user/signup endpoint, which fails to validate the role parameter in the reque...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.46 views

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

0.00476EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 8:0 a.m.6 views

CVE-2026-7746

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /productexpiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/08 10:30 p.m.14 views

CVE-2026-5812

CVE-2026-5812 – SourceCodester Pharmacy Product Management System 1.0 : A flaw in add-sales.php (POST Parameter Handler) allows manipulation of the txtqty parameter, triggering business-logic errors. Exploitation can be remote; exploit publicly released. No explicit patch/version details or vendo...

5.5CVSS5.6AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31550

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Product Management System version 1.0 Description A security flaw exists in SourceCodester Pharmacy Product Management System 1.0. The issue is located in an unknown part of the add-sales.php file within the POST...

5.5CVSS5.9AI score0.00241EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/01 3:31 p.m.5 views

EUVD-2026-17901

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.24 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

0.0025EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 5:16 p.m.8 views

CVE-2026-30576

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...

7.5CVSS0.00256EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 12:0 a.m.12 views

CVE-2026-30574

CVE-2026-30574 affects SourceCodester Pharmacy Product Management System 1.0, specifically the add-sales.php logic. The issue is a failure to validate that the requested sales quantity (txtqty) does not exceed available stock, allowing an attacker to Manipulate the request to oversell beyond stoc...

7.5CVSS5.9AI score0.00256EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.9 views

SourceCodester Pharmacy Product Management System 安全漏洞

SourceCodester Pharmacy Product Management System is an open-source drug management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Product Management System contains a security vulnerability. This vulnerability arises from the add-stock.php file, which does not...

7.5CVSS5.8AI score0.00421EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/02 12:2 a.m.7 views

CVE-2026-3401 SourceCodester Web-based Pharmacy Product Management System session expiration

A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the...

3.1CVSS5.2AI score0.00322EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.5 views

CVE-2023-31519

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at logincore.php...

9.8CVSS8.4AI score0.0085EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.11 views

CVE-2023-4186

A vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file managewebsite.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit h...

9.8CVSS6.9AI score0.00915EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/03 12:26 a.m.9 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

6.1CVSS6.2AI score0.00192EPSS
Exploits1References1
OSV
OSV
added 2025/12/02 6:15 p.m.4 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

6.1CVSS5.8AI score0.00192EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.4 views

PT-2025-48737

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /product expiry/add-supplier.php via the Supplier Name field...

6.1CVSS6.2AI score0.00192EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/02 12:0 a.m.9 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...

0.00192EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.5 views

SourceCodester Web-based Pharmacy Product Management System 安全漏洞

SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source web-based pharmacy product management system. A security vulnerability exists in Sourcecodester Web-based Pharmacy Product Management System v1.0, which originates from a cross-site scripting attack on the...

6.1CVSS6.1AI score0.00192EPSS
Exploits1References3
Rows per page
Query Builder