CVE-2026-30576

High CVSS: 7.5

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs.

Vendor

Senior-walter

Product

Web-based Pharmacy Product Management System

CWE

CWE-20

Yayın Tarihi

2026-03-27 17:16:29

Güncelleme

2026-03-31 16:14:39

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-20 Web-based Pharmacy Product Management System HIGH Senior-walter 2026

Referanslar

https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddStock-NegativePrice.md

Benzer Kayıtlar

High

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is loc…

High

CVE-2026-30574

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file…

High

CVE-2026-30575

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file…

Medium

CVE-2026-3766

A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an…

Low

CVE-2026-3401

A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unkno…

Medium

CVE-2025-14206

A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown…