CVE-2026-30575

HIGH

SourceCodester Pharmacy Product Management System 1.0 - DoS

Title source: llm

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level instead of increasing it, leading to inventory corruption and potential Denial of Service by depleting stock records.

References (1)

https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddStock-NegativeQty.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0010

EPSS Percentile 28.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-1284 CWE-20

Status published

Products (1)

senior-walter/web-based_pharmacy_product_management_system 1.0

Published Mar 27, 2026

Tracked Since Mar 29, 2026