CVE-2026-30574

HIGH EPSS 16.8%

Published Mar 27, 20263mo ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Mar 27, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

16.8% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-841

Affected Products 1

Vendor	Product	Version	Range
senior-walter	web-based_pharmacy_product_management_system	1.0	any

References 1

github.com https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-Overselling.md

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.