Zero Day Monitor (ZDM)
CVSS 7.5
CVE-2026-30573
SourceCodester · Pharmacy Product Management System

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales transactions. This leads to incorrect financial calculations, corruption of sales reports, and potential financial loss.

Affected Products

Vendor: SourceCodester
Product: Pharmacy Product Management System
Versions: —

References

  • https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-NegativePrice.md

Related News (1 article)

Tier C
VulDB · 22h ago
CVE-2026-30573 | SourceCodester Pharmacy Product Management System 1.0 add-sales.php txtprice/txttotalcost behavioral workflow (EUVD-2026-17901)
→ No new info (linked only)

CVSS 3.1: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA KEV: ❌ No
Actively exploited: ❌ No
CWE: CWE-1284
Published: Apr 1, 2026
Last enriched: 17h ago (v2)
Trending Score: 25
Source articles: 1
Independent: 1
Info Completeness: 7/14
Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CVE-2026-30526 (MEDIUM) · Trending: 21
    A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The app
  • CVE-2026-30523 (MEDIUM) · Trending: 21
    A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which deter
  • CVE-2026-5330 (MEDIUM)
    SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
  • CVE-2026-5326 (MEDIUM)
    SourceCodester Leave Application System User Information index.php authorization
  • CVE-2026-5325 (NONE)
    SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Apr 1, 2026
Discovered by ZDM: Apr 1, 2026
Updated (vendor, product): Apr 1, 2026

Version History

v2 · Tier C · 17h ago · via VulDB

Updated vendor and product information, changed severity to CRITICAL, and marked the vulnerability as actively exploited.

Updated: vendor, product

v1 · 18h ago

Initial creation