Skip to content
CVSS 7.3 · HIGH

CVE-2026-7088

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

View on NVD

Analysis

This is a vulnerability in a script from SourceCodester, which is a platform for hobbyist and educational code samples. The deployment footprint is extremely limited and does not represent a risk to the professional developer community or common infrastructure stacks.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74CWE-89

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 11.7%
EPSS: 2026-05-06

Technical description

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Published: 4/27/2026, 6:16:03 AM
Last modified: 4/29/2026, 1:00:01 AM

References

HomeEventsBlogResourcesTeam