CVE-2026-30573 — Improper Validation of Specified Quantity in Input in Web-based Pharmacy Product Management System

CWE-1284 — Improper Validation of Specified Quantity in Input3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 85.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Senior-walter Web-based Pharmacy Product Management System

Timeline

PublishedApr 1

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales transactions. This leads to incorrect financial calculations, corruption of sales reports, and potential financial loss.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDsenior-walter/web-based_pharmacy_product_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2026-30573: A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1↗2026-04-01

▶

GHSA

GHSA-jgvv-46pr-527w: A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1↗2026-04-01

▶