anonhaven
Ad

CVE-2026-30576

HIGH CVSS 3.1: 7.5 EPSS 0.05%
Updated Mar 31, 2026
Senior-Walter
Parameter Value
CVSS 7.5 (HIGH)
Type CWE-20 (Improper Input Validation)
Vendor Senior-Walter
Public PoC No

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-20 Improper Input Validation

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Senior-Walter Web-Based_Pharmacy_Product_Management_System
cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*

References 1

https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Manage…
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-30573

Senior-Walter

7.5

CVE-2026-30575

Senior-Walter

7.5

CVE-2026-30574

Senior-Walter

7.5

CVE-2025-63712

Senior-Walter

8.8

CVE-2025-56018

Senior-Walter

6.1