CVE-2026-30574 β€” Improper Enforcement of Behavioral Workflow in Web-based Pharmacy Product Management System

CWE-841 β€” Improper Enforcement of Behavioral Workflow3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 89.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Senior-walter Web-based Pharmacy Product Management System
Timeline
PublishedMar 27

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
CVEList
CVE-2026-30574: A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1β†—2026-03-27
β–Ά
GHSA
GHSA-3wqr-83x4-348r: A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1β†—2026-03-27
β–Ά
CVE-2026-30574 β€” HIGH severity | cvebase