A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice"

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales transactions. This leads to incorrect financial calculations, corruption of sales reports, and potential financial loss.

Affected Products

Vendor	Product	Versions
SourceCodester	Pharmacy Product Management System	—

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-NegativePrice.md

Related News (1 articles)

Tier C

VulDB20h ago

CVE-2026-30573 | SourceCodester Pharmacy Product Management System 1.0 add-sales.php txtprice/txttotalcost behavioral workflow (EUVD-2026-17901)

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-1284

PublishedApr 1, 2026

Last enriched15h agov2

Trending Score25

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 15h ago

v2Tier C15h ago

Updated vendor and product information, changed severity to CRITICAL, and marked the vulnerability as actively exploited.

vendorproduct

via VulDB

v117h ago

Initial creation

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice"

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History