CVE-2026-6188 PUBLISHED

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

• lingzezzz (VulDB User) reporter

• VDB-357110 | SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
• VDB-357110 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #797376 | sourcecodester Pharmacy Sales and Inventory System V1.0 SQL injection
• https://github.com/lingzezzz/lingze/issues/2
• https://www.sourcecodester.com/

• SQL Injection CWE
• Injection CWE