2026-05-04 08:00 UTC · CVE-2026-7746 · VulDB
PUBLISHED · CVE record format 5.2 · CWE-89 · CWE-74 · x_freeware

SourceCodester Web-based Pharmacy Product Management System edit-admin.php sql injection

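A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. It affects an unspecified function in the file /product_expiry/edit-admin.php: manipulating the ID argument leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used. The record's CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, base score 6.3, Medium) indicates that low privileges are required (PR:L), and none of the listed references is tagged as a patch or vendor advisory.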

Problem type

CWE-89: SQL Injection

CWE-74: Injection

Affected products

SourceCodester

Web-based Pharmacy Product Management System

1.0 - AFFECTED

References

GitHub Security Advisories

GHSA-chvm-qqpm-586w

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0...

https://github.com/advisories/GHSA-chvm-qqpm-586w

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7746
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7746",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-05-04T08:00:13.659Z",
    "dateReserved": "2026-05-03T17:18:58.177Z",
    "datePublished": "2026-05-04T08:00:13.659Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-05-04T08:00:13.659Z"
      },
      "title": "SourceCodester Web-based Pharmacy Product Management System edit-admin.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
        }
      ],
      "affected": [
        {
          "vendor": "SourceCodester",
          "product": "Web-based Pharmacy Product Management System",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/360921",
          "name": "VDB-360921 | SourceCodester Web-based Pharmacy Product Management System edit-admin.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/360921/cti",
          "name": "VDB-360921 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/807693",
          "name": "Submit #807693 | SourceCodester Web-based Pharmacy Product Management System V1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/mjh134/CVE/issues/1",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://www.sourcecodester.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-05-03T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-05-03T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-05-03T19:24:02.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "mjh_123 (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}