SourceCodester Pharmacy Product Management System POST Parameter add-sales.php logic error

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Basic Information

ID CVE-2026-5812

Source VulDB

Published Apr 8, 2026 at 22:30

Modified Apr 9, 2026 at 16:16

Affected Product

Vendor SourceCodester

Product Pharmacy Product Management System

Version 1.0

Affected Versions SourceCodester Pharmacy Product Management System 1.0

CWE Classification

CWE-840

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-04-08T22:30:15.161Z",
    "modified": "2026-04-09T16:16:28.528Z",
    "type": "cve",
    "title": "SourceCodester Pharmacy Product Management System POST Parameter add-sales.php logic error",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356260\nhttps://vuldb.com/vuln/356260/cti\nhttps://vuldb.com/submit/787680\nhttps://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-NegativeQty.md\nhttps://www.sourcecodester.com/",
    "id": "CVE-2026-5812",
    "bulletinFamily": "",
    "cwe": [
        "CWE-840"
    ],
    "cvelist": null,
    "sourceData": "SourceCodester Pharmacy Product Management System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pharmacy Product Management System",
    "version": "1.0",
    "vendor": "SourceCodester",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SourceCodester Pharmacy Product Management System POST Parameter add-sales.php logic error_CVE-2026-5812