CVE-2026-10255

Summary

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sell_statement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
SourceCodesterPharmacy Sales and Inventory System1.0affected

Weaknesses

  • CWE-284: Improper Access Controls
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References