SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save_expired of the file /ajax.php?action=save_expired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Basic Information

ID CVE-2026-7283

Source VulDB

Published Apr 28, 2026 at 14:15

Affected Product

Vendor SourceCodester

Product Pharmacy Sales and Inventory System

Version 1.0

Affected Versions SourceCodester Pharmacy Sales and Inventory System 1.0

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save_expired of the file /ajax.php?action=save_expired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-04-28T14:15:10.794Z",
    "modified": "2026-04-28T14:15:10.794Z",
    "type": "cve",
    "title": "SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359941\nhttps://vuldb.com/vuln/359941/cti\nhttps://vuldb.com/submit/803019\nhttps://github.com/CDipper/CVE-Test/issues/1\nhttps://www.sourcecodester.com/",
    "id": "CVE-2026-7283",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "SourceCodester Pharmacy Sales and Inventory System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pharmacy Sales and Inventory System",
    "version": "1.0",
    "vendor": "SourceCodester",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection_CVE-2026-7283