CVE-2026-30576

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.0%

top 85.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Senior-walter Web-based Pharmacy Product Management System

Timeline

PublishedMar 27

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDsenior-walter/web-based_pharmacy_product_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-5jg4-m9rh-fp8f: A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1↗2026-03-27

▶

CVEList

CVE-2026-30576: A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1↗2026-03-27

▶