Donate Telegram

CVE-2026-3766

MEDIUM CVSS 4.0: 5.1 EPSS 0.03%

Mar 08, 2026

Updated Mar 09, 2026

PHP

Parameter	Value
CVSS	5.1 (MEDIUM)
Type	CWE-79 (Cross-Site Scripting (XSS) (Межсайтовый скриптинг)), CWE-94 (Code Injection (Внедрение кода))
Vendor	PHP
Public PoC	No

A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting.

The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

Low

Нужны базовые права

User Interaction

Passive

Минимальное взаимодействие

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

Low

Частичная модификация данных

Availability

None

Нет нарушения работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS) (Межсайтовый скриптинг)

CWE-94 Code Injection (Внедрение кода)

References 5

https://gist.github.com/Denilxavier/6b21cb788f7f545179286f6c44989448

https://vuldb.com/?ctiid.349744

https://vuldb.com/?id.349744

https://vuldb.com/?submit.768251

https://www.sourcecodester.com/

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-40639

PHP

CVE-2026-3786

PHP

CVE-2026-3785

PHP

CVE-2026-3767

PHP

CVE-2026-3764

PHP

CVE Details

CVE ID

CVE-2026-3766

Published Date

Mar 08, 2026

Vendor

PHP

Severity

MEDIUM

CVSS v4.0 Score

5.1

Medium severity. Plan remediation.

Exploit Prediction (EPSS)

Probability of Exploit 0.03%

Likelihood of exploitation in next 30 days

Percentile: 8.5th percentile (higher than 8.5% of all CVEs)

Standard patching cycle

Impact

Partial data modification

Source

Editor's Choice