CVE-2026-6189

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Apr 13, 2026

Vendor unknown

Description

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

https://github.com/lingzezzz/lingze/issues/1
https://vuldb.com/submit/797377
https://vuldb.com/vuln/357111
https://vuldb.com/vuln/357111/cti
https://www.sourcecodester.com/