CVE-2026-7199

· NIST NVD ↗

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

HIGH
CVSS severity
7.3
CVSS base score
2026-04-28
Published

CWE codes

CWE-74CWE-89

Sources