CVE-2026-30575

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level instead of increasing it, leading to inventory corruption and potential Denial of Service by depleting stock records.
Configurations

Configuration 1 (hide)

cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*

History

31 Mar 2026, 17:59

Type Values Removed Values Added
CPE cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*
References () https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddStock-NegativeQty.md - () https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddStock-NegativeQty.md - Exploit, Vendor Advisory
First Time Senior-walter
Senior-walter web-based Pharmacy Product Management System

27 Mar 2026, 20:16

Type Values Removed Values Added
CWE CWE-1284
CWE-20
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

27 Mar 2026, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-27 17:16

Updated : 2026-06-17 10:32


NVD link : CVE-2026-30575

Mitre link : CVE-2026-30575

CVE.ORG link : CVE-2026-30575


JSON object : View

Products Affected

senior-walter

  • web-based_pharmacy_product_management_system
CWE
CWE-20

Improper Input Validation

CWE-1284

Improper Validation of Specified Quantity in Input