CVE-2026-6188

CWE-74 CWE-89 — SQL Injection8 documents4 sources

Severity

6.9MEDIUM

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Pharmacy Sales AND Inventory System

Timeline

PublishedApr 13

Description

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5sourcecodester/pharmacy_sales_and_inventory_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection↗2026-04-13

▶

GHSA

GHSA-c46f-5cvg-v8f7: A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1↗2026-04-13

▶

💬Community

Bugzilla

CVE-2026-3889 thunderbird: Spoofing issue in Thunderbird↗2026-03-24

▶

Bugzilla

CVE-2026-4717 firefox: thunderbird: Privilege escalation in the Netmonitor component↗2026-03-24

▶

Bugzilla

CVE-2026-4711 firefox: thunderbird: Use-after-free in the Widget: Cocoa component↗2026-03-24

▶

Bugzilla

CVE-2026-4371 thunderbird: Out of bounds read in IMAP parsing↗2026-03-24

▶

Bugzilla

CVE-2026-4701 firefox: thunderbird: Use-after-free in the JavaScript Engine component↗2026-03-24

▶