CVE-2026-30574

HIGH

SourceCodester Pharmacy Product Management System 1.0 - Business Logic

Title source: llm

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock.

References (1)

https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-Overselling.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 11.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-841

Status published

Products (1)

senior-walter/web-based_pharmacy_product_management_system 1.0

Published Mar 27, 2026

Tracked Since Mar 29, 2026