SourceCodester — CraftedSignal Threat Feed

SourceCodester Pharmacy Sales and Inventory System SQL Injection Vulnerability

hello@craftedsignal.io — Fri, 01 May 2026 05:16:03 +0000

On May 1, 2026, a SQL injection vulnerability, CVE-2026-7549, was disclosed in SourceCodester Pharmacy Sales and Inventory System version 1.0. The vulnerability resides in the /ajax.php?action=delete_customer endpoint, where the ID parameter is susceptible to manipulation, enabling remote attackers to inject arbitrary SQL commands. Publicly available exploit code exists, increasing the risk of exploitation. Successful exploitation can lead to unauthorized data access, modification, or deletion within the application’s database. This vulnerability is particularly concerning due to the sensitive nature of pharmacy data, potentially impacting confidentiality, integrity, and availability.

Attack Chain

Attacker identifies the vulnerable /ajax.php?action=delete_customer endpoint in SourceCodester Pharmacy Sales and Inventory System 1.0.
Attacker crafts a malicious HTTP request targeting the vulnerable endpoint.
The malicious request includes a manipulated ID parameter containing a SQL injection payload.
The application fails to properly sanitize the ID parameter before incorporating it into a SQL query.
The injected SQL code is executed against the application’s database.
The attacker gains unauthorized access to sensitive data, such as customer information, prescription details, or inventory levels.
The attacker may modify or delete data within the database, potentially disrupting pharmacy operations or causing data integrity issues.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2026-7549) can lead to the complete compromise of the SourceCodester Pharmacy Sales and Inventory System database. Attackers could potentially exfiltrate sensitive patient data, modify prescription information, or disrupt pharmacy operations by deleting critical data. The vulnerability has a CVSS v3.1 score of 7.3 (HIGH), indicating a significant risk. The number of victims and specific sectors targeted remain unknown, but any pharmacy using the affected version is potentially at risk.

Recommendation

Apply input validation and sanitization to all user-supplied input, especially the ID parameter in /ajax.php?action=delete_customer, to prevent SQL injection (CWE-89).
Deploy the Sigma rule “Detect SQL Injection Attempts in Pharmacy Sales System” to identify and block malicious requests targeting the vulnerable endpoint.
Upgrade to a patched version of SourceCodester Pharmacy Sales and Inventory System that addresses CVE-2026-7549 once available.
Monitor web server logs for suspicious activity, such as unusual requests to /ajax.php?action=delete_customer, to detect potential exploitation attempts.

SourceCodester Pharmacy Sales and Inventory System SQL Injection Vulnerability

hello@craftedsignal.io — Fri, 01 May 2026 05:16:03 +0000

SourceCodester Pharmacy Sales and Inventory System 1.0 is vulnerable to SQL injection via the /ajax.php?action=save_customer endpoint. Disclosed on May 1, 2026, the vulnerability, identified as CVE-2026-7550, allows unauthenticated remote attackers to inject arbitrary SQL commands by manipulating the ID argument. The vulnerability exists due to insufficient input validation. Public exploit code is available, increasing the risk of exploitation. This vulnerability allows attackers to potentially read, modify, or delete sensitive data within the application’s database.

Attack Chain

The attacker identifies the vulnerable endpoint /ajax.php?action=save_customer within the Pharmacy Sales and Inventory System 1.0 application.
The attacker crafts a malicious HTTP GET or POST request targeting the /ajax.php?action=save_customer endpoint.
The crafted request includes a manipulated ID parameter designed to inject SQL commands.
The application fails to properly sanitize the input provided in the ID parameter.
The application executes the attacker-supplied SQL code against the database.
The attacker can retrieve sensitive information, such as customer details, product information, or administrative credentials.
The attacker may modify existing data, such as prices or inventory levels.
The attacker may gain complete control of the database, potentially leading to full system compromise.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2026-7550) can lead to unauthorized access to sensitive data, data modification, or complete database compromise. This could result in financial losses, reputational damage, and legal repercussions for affected organizations. Given the nature of the application, attackers could potentially access patient data or prescription information, leading to severe privacy breaches.

Recommendation

Apply input validation and sanitization to the ID parameter in the /ajax.php?action=save_customer endpoint to prevent SQL injection attacks.
Monitor web server logs for suspicious requests targeting the /ajax.php?action=save_customer endpoint with unusual ID parameter values. Deploy the provided Sigma rule to detect potential exploitation attempts.
Consider using a Web Application Firewall (WAF) to filter out malicious requests targeting this vulnerability.
Upgrade to a patched version of the SourceCodester Pharmacy Sales and Inventory System once available.
Implement regular database backups to mitigate potential data loss due to successful exploitation.

SourceCodester Advanced School Management System SQL Injection Vulnerability

hello@craftedsignal.io — Fri, 01 May 2026 02:16:49 +0000

SourceCodester Advanced School Management System version 1.0 is vulnerable to SQL injection in the checkEmail endpoint within the commonController.php file. This vulnerability, identified as CVE-2026-7545, allows a remote attacker to inject arbitrary SQL commands. Publicly available exploits targeting this vulnerability increase the risk of exploitation. Successful exploitation could lead to unauthorized data access, modification, or deletion within the application’s database. Given the availability of public exploits, organizations using this software are at an elevated risk.

Attack Chain

The attacker identifies the checkEmail endpoint in commonController.php.
The attacker crafts a malicious HTTP request to the checkEmail endpoint, injecting SQL code into the email parameter.
The vulnerable application fails to properly sanitize the email input.
The injected SQL code is passed directly to the database query.
The database executes the malicious SQL code.
The attacker gains unauthorized access to the database.
The attacker may then read sensitive data, modify existing data, or insert new malicious data.
The attacker might also use this to escalate privileges within the application.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2026-7545) could allow an attacker to read, modify, or delete sensitive data stored in the Advanced School Management System database. This could include student records, financial information, or administrative credentials. The availability of public exploits increases the likelihood of attacks targeting this vulnerability, potentially impacting any organization using the affected software.

Recommendation

Apply input validation and sanitization to the checkEmail endpoint in commonController.php to prevent SQL injection attacks.
Deploy the Sigma rule Detect ASMS CheckEmail SQL Injection Attempt to identify exploitation attempts in web server logs.
Monitor web server logs for suspicious activity related to the checkEmail endpoint.

SourceCodester Pharmacy Sales and Inventory System SQL Injection Vulnerability

hello@craftedsignal.io — Tue, 28 Apr 2026 12:00:00 +0000

A SQL injection vulnerability has been identified in SourceCodester Pharmacy Sales and Inventory System version 1.0. The vulnerability resides within the /ajax.php?action=delete_category endpoint, where a manipulation of the ID argument can lead to arbitrary SQL command execution. This allows remote attackers to potentially bypass authentication, access sensitive data, modify database contents, or even compromise the entire system. Given the availability of a published exploit, this vulnerability poses a significant risk to organizations utilizing the affected software. Successful exploitation requires no authentication.

Attack Chain

Attacker identifies an instance of SourceCodester Pharmacy Sales and Inventory System 1.0.
Attacker crafts a malicious HTTP request targeting the /ajax.php?action=delete_category endpoint.
The attacker injects SQL code into the ID parameter of the request.
The application fails to properly sanitize the input, passing the malicious SQL code to the database.
The database executes the attacker-controlled SQL query.
Depending on the injected SQL, the attacker can read sensitive data from the database (e.g., user credentials, financial records).
The attacker could also modify data, such as altering inventory levels or creating unauthorized accounts.
Ultimately, the attacker could gain full control of the database and the application.

Impact

Successful exploitation of this SQL injection vulnerability could result in unauthorized access to sensitive patient data, financial records, and other confidential information stored within the Pharmacy Sales and Inventory System database. Attackers could potentially modify data, leading to incorrect inventory levels, fraudulent transactions, or even complete system compromise. This could result in significant financial losses, reputational damage, and legal repercussions for affected organizations. Given that the exploit is public, organizations using this software are at immediate risk.

Recommendation

Apply input validation and sanitization to the ID parameter within the /ajax.php?action=delete_category endpoint to prevent SQL injection (reference CVE-2026-7130).
Deploy the provided Sigma rule to detect suspicious requests to the /ajax.php?action=delete_category endpoint containing potential SQL injection attempts.
Implement regular security audits and penetration testing to identify and remediate vulnerabilities in web applications.
Restrict database access privileges to the minimum necessary for each user and application to limit the potential impact of a successful SQL injection attack.

SourceCodester Pharmacy Sales and Inventory System SQL Injection Vulnerability (CVE-2026-7199)

hello@craftedsignal.io — Tue, 28 Apr 2026 00:16:26 +0000

A SQL injection vulnerability has been identified in SourceCodester Pharmacy Sales and Inventory System version 1.0. This vulnerability, assigned CVE-2026-7199, affects the /ajax.php?action=delete_product endpoint. Attackers can remotely exploit this vulnerability by manipulating the ID parameter. The vulnerability was published on April 27, 2026, and the exploit is now publicly available. Successful exploitation allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. Due to the ease of exploitation and the sensitive nature of pharmacy data, this vulnerability poses a significant risk to organizations using the affected system.

Attack Chain

The attacker identifies a vulnerable instance of SourceCodester Pharmacy Sales and Inventory System 1.0.
The attacker crafts a malicious HTTP request targeting the /ajax.php?action=delete_product endpoint.
The attacker injects SQL code into the ID parameter of the request.
The server-side application fails to properly sanitize the input, passing the malicious SQL code to the database.
The database executes the injected SQL code, potentially allowing the attacker to bypass authentication, access sensitive data, modify database records, or execute system commands.
The attacker retrieves sensitive data, such as patient information, prescription details, or financial records.
The attacker may escalate privileges within the application and the underlying system.
The attacker can then exfiltrate the compromised data or maintain persistent access to the system for future attacks.

Impact

Successful exploitation of this SQL injection vulnerability can lead to a complete compromise of the Pharmacy Sales and Inventory System. This can result in the theft of sensitive patient data, financial records, and other confidential information. The vulnerability allows attackers to potentially modify or delete critical data, leading to disruption of pharmacy operations, financial losses, and regulatory penalties. As the exploit is publicly available, the likelihood of widespread exploitation is high, impacting any organization using the vulnerable version of the software.

Recommendation

Apply the Sigma rule Detecting SQL Injection Attempts via URI to identify potential exploitation attempts against the /ajax.php?action=delete_product endpoint.
Inspect web server logs for requests to /ajax.php?action=delete_product containing suspicious characters or SQL keywords in the ID parameter, as detected by the Detecting SQL Injection in Pharmacy System Sigma rule.
Implement input validation and sanitization measures to prevent SQL injection vulnerabilities in the SourceCodester Pharmacy Sales and Inventory System, mitigating the underlying issue.
Restrict access to the database server and sensitive data to only authorized personnel, reducing the potential impact of a successful SQL injection attack.
Monitor database logs for suspicious activity, such as unauthorized data access or modification, which may indicate successful exploitation of CVE-2026-7199.

SourceCodester Pharmacy Sales and Inventory System SQL Injection Vulnerability

hello@craftedsignal.io — Mon, 27 Apr 2026 06:16:03 +0000

SourceCodester Pharmacy Sales and Inventory System version 1.0 is susceptible to SQL injection. The vulnerability resides in the /ajax.php?action=save_receiving file, where manipulation of the ID argument can lead to arbitrary SQL command execution. This vulnerability allows remote attackers to compromise the application’s database. The exploit is publicly available, increasing the risk of exploitation. This vulnerability allows attackers to read, modify, or delete sensitive data, potentially leading to complete system compromise.

Attack Chain

The attacker identifies a vulnerable instance of SourceCodester Pharmacy Sales and Inventory System version 1.0.
The attacker crafts a malicious HTTP request targeting the /ajax.php?action=save_receiving endpoint.
The attacker injects a SQL payload into the ID parameter of the request.
The web server processes the request and passes the injected SQL query to the database.
The database executes the malicious SQL query, potentially returning sensitive data to the attacker.
The attacker may use the SQL injection to bypass authentication, allowing them to access administrative functions.
The attacker may use the SQL injection to modify inventory data, manipulate sales records, or create fraudulent transactions.
The attacker may use the SQL injection to exfiltrate sensitive data such as customer information, financial records, and administrator credentials.

Impact

Successful exploitation of this SQL injection vulnerability can lead to unauthorized access to sensitive data, modification of inventory and sales records, and potentially full control of the application and underlying server. This could result in financial loss, reputational damage, and legal repercussions for affected organizations. Given the public availability of the exploit, the risk of widespread exploitation is high. The impact could include data breaches, financial fraud, and complete system compromise.

Recommendation

Deploy the Sigma rule Detecting SQL Injection Attempts via URI to identify malicious requests targeting the vulnerable endpoint.
Apply input validation and sanitization to the ID parameter in the /ajax.php?action=save_receiving file to prevent SQL injection attacks.
Monitor web server logs for suspicious activity, such as error messages or unusual requests targeting the /ajax.php?action=save_receiving endpoint (webserver log source).
Upgrade to a patched version of the application or implement a web application firewall (WAF) rule to block malicious requests.
Implement least privilege principles for database access to limit the impact of successful SQL injection attacks.

SourceCodester Hotel Management System SQL Injection Vulnerability

hello@craftedsignal.io — Wed, 03 Jan 2024 15:00:00 +0000

SourceCodester Hotel Management System version 1.0 is vulnerable to SQL injection. The vulnerability is located in the /index.php/reservation/check endpoint. Specifically, the room_type parameter is not properly sanitized, allowing for the injection of malicious SQL queries. This vulnerability can be exploited remotely and has been publicly disclosed, making it accessible to a wide range of threat actors. Successful exploitation allows attackers to read, modify, or delete sensitive data within the application’s database. This could lead to unauthorized access, data breaches, and potential disruption of hotel operations.

Attack Chain

An attacker identifies a vulnerable instance of SourceCodester Hotel Management System 1.0.
The attacker crafts a malicious HTTP GET or POST request targeting the /index.php/reservation/check endpoint.
The malicious request includes a SQL injection payload within the room_type parameter.
The application processes the request without proper sanitization of the room_type parameter.
The injected SQL code is executed against the application’s database.
The attacker extracts sensitive information from the database, such as user credentials, reservation details, or financial data.
The attacker may use the extracted credentials to gain unauthorized access to administrative panels.
The attacker may further compromise the system by modifying data, creating rogue accounts, or planting malicious code.

Impact

Successful exploitation of this SQL injection vulnerability can lead to significant data breaches, impacting both the hotel and its customers. Sensitive customer data, including personal information, reservation details, and payment information, could be exposed. The vulnerability could allow attackers to gain administrative access to the Hotel Management System, leading to further compromise of the system and potential disruption of hotel operations. Depending on the database configuration, the attacker may even be able to execute commands on the underlying operating system.

Recommendation

Deploy the provided Sigma rule to detect SQL injection attempts targeting the /index.php/reservation/check endpoint in web server logs.
Implement input validation and sanitization for all user-supplied input, especially the room_type parameter, to prevent SQL injection attacks.
Patch or upgrade to a secure version of SourceCodester Hotel Management System that addresses this SQL injection vulnerability. If a patch is unavailable, consider implementing a web application firewall (WAF) rule to filter out malicious requests.
Review and harden database security configurations to limit the privileges of the database user account used by the application.