CVE-2026-6189

HIGH CVSS 7.3 View on NVD ↗

Description

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/lingzezzz/lingze/issues/1
https://vuldb.com/submit/797377
https://vuldb.com/vuln/357111
https://vuldb.com/vuln/357111/cti
https://www.sourcecodester.com/

Published: Apr 13, 2026 17:16 UTC Modified: Apr 13, 2026 17:16 UTC