CVE-2026-6188

HIGH WAF: High

CVSS 7.3 Published: 2026-04-13

CWE-89

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

References

github.com
vuldb.com
vuldb.com
vuldb.com
www.sourcecodester.com

Back to CVE Database