CVE-2026-5812
Received Received - Intake
Business Logic Error in SourceCodester Pharmacy add-sales.php (Remote

Publication date: 2026-04-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-04-09
EPSS Evaluated
2026-05-05
NVD
CVE-2026-5812
EUVD
EUVD-2026-20803
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sourcecodester pharmacy_product_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-840 Business Logic Errors
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a security flaw in the SourceCodester Pharmacy Product Management System 1.0, specifically in the add-sales.php file within the POST Parameter Handler component. It involves manipulation of the txtqty argument, which leads to business logic errors. The flaw can be exploited remotely, and the exploit code has been publicly released.


How can this vulnerability impact me? :

Exploiting this vulnerability can cause business logic errors in the affected system. This may lead to incorrect processing of sales data or other unintended behaviors within the pharmacy product management system. Since the exploit is publicly available and can be initiated remotely, attackers could potentially disrupt business operations or manipulate sales records.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart