Senior-walter

Web-based Pharmacy Product Management System

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-30573

Exploit
  • EPSS 0.05%
  • Veröffentlicht 01.04.2026 00:00:00
  • Zuletzt bearbeitet 07.04.2026 12:06:55

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers...

7.5

CVE-2026-30575

Exploit
  • EPSS 0.1%
  • Veröffentlicht 27.03.2026 00:00:00
  • Zuletzt bearbeitet 31.03.2026 17:59:06

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This caus...

7.5

CVE-2026-30576

Exploit
  • EPSS 0.05%
  • Veröffentlicht 27.03.2026 00:00:00
  • Zuletzt bearbeitet 31.03.2026 16:14:39

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial v...

7.5

CVE-2026-30574

Exploit
  • EPSS 0.04%
  • Veröffentlicht 27.03.2026 00:00:00
  • Zuletzt bearbeitet 31.03.2026 18:03:28

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can mani...

5.4

CVE-2026-3766

Exploit
  • EPSS 0.04%
  • Veröffentlicht 08.03.2026 20:15:49
  • Zuletzt bearbeitet 09.03.2026 16:28:42

A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting....

6.6

CVE-2026-3401

Exploit
  • EPSS 0.08%
  • Veröffentlicht 02.03.2026 00:02:10
  • Zuletzt bearbeitet 03.03.2026 19:47:49

A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack i...

6.1

CVE-2025-65215

Exploit
  • EPSS 0.07%
  • Veröffentlicht 02.12.2025 00:00:00
  • Zuletzt bearbeitet 05.12.2025 18:59:04

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /product_expiry/add-supplier.php via the Supplier Name field.

8.8

CVE-2025-63712

Exploit
  • EPSS 0.02%
  • Veröffentlicht 10.11.2025 00:00:00
  • Zuletzt bearbeitet 18.11.2025 17:16:12

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint rel...

6.1

CVE-2025-56018

Exploit
  • EPSS 0.04%
  • Veröffentlicht 30.09.2025 16:15:52
  • Zuletzt bearbeitet 09.04.2026 19:50:03

SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.

8.1

CVE-2025-56274

Exploit
  • EPSS 0.05%
  • Veröffentlicht 15.09.2025 00:00:00
  • Zuletzt bearbeitet 09.04.2026 19:49:33

SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users.