CVE-2026-3401

LOW

SourceCodester Pharmacy Mgmt 1.0 - Auth Bypass

Title source: llm

Description

A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.348296

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.348296

[Permissions Required, VDB Entry] https://vuldb.com/?submit.762795

[Third Party Advisory] https://github.com/hiranerakkot/Web-based-Pharmacy-Product-Management-System/blob/main/README.md

View Writeup ZIP pw:eip

[Various Sources] https://www.sourcecodester.com/

Scores

CVSS v3 3.1

EPSS 0.0008

EPSS Percentile 24.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-613

Status published

Products (1)

senior-walter/web-based_pharmacy_product_management_system 1.0

Published Mar 02, 2026

Tracked Since Mar 02, 2026