Business Logic Flaw in SourceCodester Pharmacy Product Management System
CVE-2026-30573

7.5 HIGH

Key Information:

Vendor
CVE Published:
1 April 2026

What is CVE-2026-30573?

A business logic vulnerability in the SourceCodester Pharmacy Product Management System v1.0 allows malicious users to exploit the system by submitting negative values in the transaction parameters 'txtprice' and 'txttotalcost' via the add-sales.php file. This flaw compromises the integrity of sales data, resulting in erroneous financial computations, corruption of sales reports, and potential financial impacts on businesses relying on this system for accurate transaction logging.
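The server-side check whose absence the description above implies, as an added example that is not the vendor's code. The field names `txtprice` and `txttotalcost` come from the advisory; the quantity field `txtqty`, the upper bound and the function names are assumptions, and the code requires PHP 8.

```php
<?php
declare(strict_types=1);

const MAX_CENTS = 100000000; // assumed ceiling of 1,000,000.00 per field

// Parse an unsigned decimal string into integer cents, or throw.
function moneyToCents(mixed $raw, string $field): int
{
    // Only digits with up to two decimals: rejects "-5", "+5", "1e3", " 5", arrays.
    if (!is_string($raw) || preg_match('/\A(\d{1,9})(?:\.(\d{1,2}))?\z/', $raw, $m) !== 1) {
        throw new InvalidArgumentException("$field must be a non-negative decimal amount");
    }
    $cents = (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
    if ($cents > MAX_CENTS) {
        throw new InvalidArgumentException("$field exceeds the accepted maximum");
    }
    return $cents;
}

// Validate one sale submission; returns normalized integers for storage.
function validateSale(array $post): array
{
    $price = moneyToCents($post['txtprice'] ?? null, 'txtprice');
    $total = moneyToCents($post['txttotalcost'] ?? null, 'txttotalcost');
    $qtyRaw = $post['txtqty'] ?? null; // hypothetical field name
    if (!is_string($qtyRaw) || preg_match('/\A[1-9]\d{0,5}\z/', $qtyRaw) !== 1) {
        throw new InvalidArgumentException('txtqty must be a positive integer');
    }
    $qty = (int)$qtyRaw;
    // Recompute the total server-side instead of trusting the submitted value.
    if ($price * $qty !== $total) {
        throw new InvalidArgumentException('txttotalcost does not match price x quantity');
    }
    return ['price_cents' => $price, 'qty' => $qty, 'total_cents' => $total];
}

// Constructed sample submissions (not taken from the advisory).
$samples = [
    ['txtprice' => '12.50', 'txtqty' => '3', 'txttotalcost' => '37.50'],
    ['txtprice' => '-12.50', 'txtqty' => '3', 'txttotalcost' => '-37.50'],
    ['txtprice' => '12.50', 'txtqty' => '3', 'txttotalcost' => '1.00'],
];
foreach ($samples as $post) {
    try {
        echo 'accepted: ', json_encode(validateSale($post)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Amounts are handled as integer cents so the total comparison is exact, and the handler should store only the values `validateSale()` returns.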

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
