Severity: high

SourceCodester Pharmacy Sales and Inventory System SQL Injection Vulnerability

A remote SQL injection vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0: the ID argument handled by the /ajax.php?action=save_user endpoint is passed into a database query without adequate sanitization, potentially allowing attackers to execute arbitrary SQL queries.

SourceCodester Pharmacy Sales and Inventory System 1.0 is vulnerable to SQL injection. The vulnerability, identified as CVE-2026-8083, resides in the /ajax.php?action=save_user endpoint. By manipulating the ID argument, a remote attacker can inject arbitrary SQL code, potentially leading to unauthorized data access, modification, or deletion. The exploit has been publicly disclosed, which increases the likelihood of exploitation. This vulnerability poses a significant threat to organizations running the affected software, as it can compromise the integrity and confidentiality of sensitive pharmacy and inventory data.

Attack Chain

  1. Attacker identifies the vulnerable endpoint: /ajax.php?action=save_user.
  2. Attacker crafts a malicious SQL payload, injecting it into the ID parameter of the request.
  3. The vulnerable application fails to properly sanitize the input provided by the attacker.
  4. The application executes the crafted SQL query against the database.
  5. The attacker gains the ability to read sensitive data from the database, such as user credentials, patient information, or inventory details.
  6. The attacker modifies or deletes data within the database, potentially disrupting pharmacy operations or altering financial records.

Impact

Successful exploitation of this SQL injection vulnerability could lead to significant data breaches, including unauthorized access to sensitive patient information, financial records, and inventory data. This could result in regulatory fines, reputational damage, and disruption of pharmacy operations. Given the public availability of the exploit, organizations using SourceCodester Pharmacy Sales and Inventory System 1.0 are at increased risk.

Recommendation

  • Deploy the Sigma rule Detect_Pharmacy_SQLi_Save_User to identify attempts to exploit the SQL injection vulnerability in the /ajax.php?action=save_user endpoint.
  • Apply input validation and sanitization to the ID parameter in /ajax.php?action=save_user to prevent SQL injection, mitigating CVE-2026-8083.

Detection coverage (2 rules)

Detect Pharmacy Sales SQL Injection in Save User (Sigma, severity: high)

Detects SQL injection attempts in the /ajax.php?action=save_user endpoint by identifying suspicious characters and keywords commonly used in SQL injection payloads.

Tactics: initial_access. Techniques: T1190, T1595.002. Log sources: webserver, linux.

Detect Pharmacy Sales SQL Injection via POST (Sigma, severity: high)

Detects SQL injection attempts via POST data in the /ajax.php?action=save_user endpoint by identifying suspicious characters and keywords commonly used in SQL injection payloads.

Tactics: initial_access. Techniques: T1190, T1595.002. Log sources: webserver, linux.
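The detection logic the two rules describe, applied to web server access logs, as an added example that is not part of this advisory or of the vendor's Sigma rules: it scopes to /ajax.php?action=save_user and flags parameter values carrying quote or comment characters or SQL keywords. The log format, regex indicator list and sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Apache/nginx "combined" access-log line: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Indicators of the kind the Sigma rules key on: quote/comment characters and
# SQL keywords that never belong in a numeric user ID.
SQLI_RE = re.compile(
    r"(['\"`]|--|/\*|#|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|"
    r"\bextractvalue\b|\bupdatexml\b|\b(?:or|and)\b\s*[\w'\"]+\s*=\s*[\w'\"]+)",
    re.IGNORECASE,
)

def inspect_request(target):
    """Return (parameter, decoded value) of the first suspicious parameter in a
    request to /ajax.php?action=save_user, or None when the request is clean."""
    path, _, query = target.partition("?")  # urlsplit would drop a '#' comment as a fragment
    if path != "/ajax.php":
        return None
    params = parse_qs(query, keep_blank_values=True)
    if params.get("action") != ["save_user"]:
        return None
    for name, values in params.items():
        if name == "action":
            continue
        for value in values:
            decoded = unquote_plus(value)  # second decode catches double-encoded payloads
            if SQLI_RE.search(decoded):
                return name, decoded
    return None

def scan_access_log(lines):
    """Return (client, parameter, value) for every log line that trips the check."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # request targets are URL-encoded on the wire, so no spaces inside
            finding = inspect_request(m.group("target"))
            if finding:
                hits.append((m.group("client"),) + finding)
    return hits

# Constructed sample lines (not real traffic): a clean save_user call, an
# injection attempt, and a request outside the rule's scope.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2026:10:00:00 +0000] "GET /ajax.php?action=save_user&id=7 HTTP/1.1" 200 12',
    '203.0.113.11 - - [01/Jan/2026:10:00:01 +0000] "GET /ajax.php?action=save_user&id=7%27%20OR%201%3D1-- HTTP/1.1" 200 12',
    '203.0.113.12 - - [01/Jan/2026:10:00:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
]
```

Standard access logs do not record POST bodies, so the second rule needs a source that does, such as a WAF or ModSecurity audit log, fed through the same inspect_request check on the decoded body parameters.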
