{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26888", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-03T20:36:18.512Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-03-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T18:09:06.373Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/pharmacy-point-sale-system/SQL-2.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26888", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T20:28:33.280794Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T20:36:18.512Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26888", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T20:28:33.280794Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T20:28:47.172Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/pharmacy-point-sale-system/SQL-2.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T18:09:06.373Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26888", "state": "PUBLISHED", "dateUpdated": "2026-03-03T20:36:18.512Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:pharmacy_point_of_sale_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA845844-0125-4351-BB2C-72589B773463", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php."}], "id": "CVE-2026-26888", "lastModified": "2026-03-04T03:58:31.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-03T20:16:48.880", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/pharmacy-point-sale-system/SQL-2.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "pharmacy_point_of_sale_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-17T13:27:59.839017+00:00", "value": {"mitigation_remediation": ["Obtain and apply the vendor\u2019s official patch or upgraded release for Pharmacy Point of Sale System v1.0", "Modify the application to use parameterized queries or prepared statements for all database interactions in manage_stock.php", "Validate and sanitize all user-supplied input parameters before incorporating them into SQL statements"], "summary": {"action": "Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "The only affected product is the Sourcecodester Pharmacy Point of Sale System, version 1.0, as identified by the CPE entry for oretnom23. No other vendor or product variants are listed as affected.", "description_and_impact": "The Pharmacy Point of Sale System version 1.0 contains an unsanitized input handling flaw in the /pharmacy/manage_stock.php endpoint. This flaw allows an attacker to inject arbitrary SQL statements, leading to unauthorized data disclosure, modification, or deletion. The weakness is formally classified under CWE-89, indicating a lack of proper data validation before use in an SQL statement. The potential impact is limited to the database accessed by the application and does not provide arbitrary code execution or system compromise beyond the bounds of the application\u2019s database permissions.", "risk_and_exploitability": "The CVSS score of 2.7 indicates a low severity assessment, and the EPSS score is reported to be less than 1 percent, suggesting low likelihood of exploitation in the wild. This vulnerability is not catalogued in the CISA KEV database. The likely attack vector is a remote web-based attacker who can send crafted input to the manage_stock.php endpoint, potentially through user interfaces or other susceptible channels. While the score reflects limited impact, the presence of a classic SQL injection flaw warrants timely remediation."}}}}, "created": "2026-03-04T21:04:20.718844+00:00", "title": "SQL Injection Vulnerability in Pharmacy Point of Sale System 1.0", "updated": "2026-04-17T13:30:19.607076+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$pharmacy_point_of_sale_system"]}