CVE-2026-7282

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is p...

medium 4.7 CVSS 3.1

Published: Apr 28, 2026

Modified: Apr 29, 2026

Description

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

References

https://github.com/CDipper/CVE-Test/issues/2
https://vuldb.com/submit/803018
https://vuldb.com/vuln/359940
https://vuldb.com/vuln/359940/cti
https://www.sourcecodester.com/

Version	3.1
Score	4.7 / 10
Severity	medium