Product
CVE-2026-6187 is a remote SQL injection vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0 via the ID parameter in /ajax.php?action=chk_prod_availability, allowing unauthenticated attackers to execute arbitrary SQL queries.