CVE-2026-26708 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 3, 2026
Sourcecodester Pharmacy Point of Sale System - SQL Injection
Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable
Overview
Sourcecodester Pharmacy Point of Sale System v1.0 contains a sql injection caused by improper sanitization in /pharmacy/manage_user.php, letting attackers execute arbitrary SQL commands remotely, exploit requires crafted request.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can execute arbitrary SQL commands, potentially leading to data disclosure, modification, or full database compromise.
Mitigation
Update to the latest version or apply patches that fix SQL injection in /pharmacy/manage_user.php.
Related Resources
Details
- CVE ID
- CVE-2026-26708
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- sql_injection
- Status
- confirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H