Home / Vulnerability Intelligence / CVE-2026-26890

CVE-2026-26890 - Vulnerability Analysis

LowCVSS: 2.7

Last Updated: March 4, 2026

Sourcecodester Pharmacy Point of Sale System - SQL Injection

Published: March 3, 2026Updated: March 4, 2026PoC AvailableRemote Exploitable

Overview

Sourcecodester Pharmacy Point of Sale System v1.0 contains a sql injection caused by improper sanitization in /pharmacy/manage_product.php, letting attackers execute arbitrary SQL commands remotely, exploit requires crafted requests.

Severity & Score

Severity: Low

CVSS Score: 2.7

Impact

Attackers can execute arbitrary SQL commands, potentially leading to data disclosure, modification, or full database compromise.

Mitigation

Update to the latest version or apply patches that fix SQL injection in /pharmacy/manage_product.php.

References

https://github.com/shininadd/bug_report/blob/main/Sourcecodester/pharmacy-point-sale-system/SQL-4.md

Related Resources

Details

CVE ID: CVE-2026-26890
Severity: Low
CVSS Score: 2.7
Type: sql_injection
Status: confirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N