Skip to content
CVSS 7.3 · HIGH

CVE-2026-7550

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Ver en NVD

Análisis

This SQL injection affects a Pharmacy Sales and Inventory System script from SourceCodester, which is typically used for educational or hobbyist purposes. Because this is not a widely deployed or professional-grade application, it does not warrant the attention of the MexicoDev community admins.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-74CWE-89

EPSS

Probabilidad de explotación (próx. 30 días): 0.0003 (0.0%)
Percentil: 8.5%
EPSS: 2026-05-06

Descripción técnica

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Publicada: 1/5/2026, 5:16:03
Última modificación: 1/5/2026, 15:26:24

Referencias

InicioEventosBlogRecursosEquipo