CVE-2026-7087: SourceCodester Pharmacy System SQLi Puts Data at Risk

The National Vulnerability Database has disclosed CVE-2026-7087, a high-severity SQL injection vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0. The flaw, rated 7.3 under CVSS v3.1, resides in an unspecified function within the `/ajax.php?action=save_sales` file. Attackers can trigger the SQLi by manipulating the ID argument, leading to remote execution.

This isn’t a theoretical threat; an exploit for CVE-2026-7087 is publicly available. Any organization using this specific SourceCodester product is now a prime target. SQL injection vulnerabilities are a direct path to sensitive data exfiltration, database manipulation, and potentially full system compromise. The attacker’s calculus here is simple: find an exposed instance, inject, and extract.

Defenders need to understand the immediate risk. This isn’t just about data integrity; it’s about patient records, sales data, and inventory information being ripe for the taking. Given the public exploit, patching or mitigating this vulnerability is no longer a ‘should do’ — it’s a ‘must do’ right now.

What This Means For You

  • If your organization uses SourceCodester Pharmacy Sales and Inventory System 1.0, you are exposed to CVE-2026-7087 right now. Immediately identify all instances of this system, assess their internet exposure, and prepare for a rapid patch deployment or isolation strategy. Audit logs for suspicious database activity, especially around `/ajax.php?action=save_sales`.

🛡️ Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

high T1190 Initial Access

CVE-2026-7087: SourceCodester Pharmacy System SQLi via ajax.php

Sigma YAML:
title: CVE-2026-7087: SourceCodester Pharmacy System SQLi via ajax.php
id: scw-2026-04-27-ai-1
status: experimental
level: high
description: |
  Detects exploitation attempts against SourceCodester Pharmacy Sales and Inventory System 1.0 by looking for SQL injection patterns within the 'ID' parameter of the '/ajax.php?action=save_sales' endpoint. This rule specifically targets the known vulnerability CVE-2026-7087.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7087/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
    # Request must target the vulnerable endpoint
    cs-uri|contains: '/ajax.php?action=save_sales'
    # All of these substrings must appear in the query string (AND)
    cs-uri-query|contains|all:
      - 'ID='
      - 'UNION'
      - 'SELECT'
      - 'FROM'
    cs-method: 'GET'
  condition: selection
falsepositives:
  - Legitimate administrative activity
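
The rule's matching logic applied to web server access-log lines, as an added example that is not part of the original page or the feed's own tooling. It goes slightly beyond the rule by URL-decoding the query and accepting parameters in any order; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed log layout: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Keywords taken from the Sigma rule above; all must appear in the ID value.
SQL_KEYWORDS = ("union", "select", "from")


def is_suspicious(method: str, uri: str) -> bool:
    """Apply the rule's logic to one request, tolerant of encoding and order."""
    if method != "GET":  # the rule only covers GET; POST bodies are not logged
        return False
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/ajax.php"):
        return False
    # parse_qs percent-decodes values and turns '+' into spaces.
    params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    if "save_sales" not in params.get("action", []):
        return False
    id_value = " ".join(params.get("id", [])).lower()
    return all(re.search(rf"\b{kw}\b", id_value) for kw in SQL_KEYWORDS)


def scan(lines):
    """Return (client_ip, timestamp, status) for each matching log line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_suspicious(m["method"], m["uri"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Apr/2026:10:01:02 +0000] "GET /ajax.php?action=save_sales&ID=1%20UNION%20SELECT%20a%20FROM%20b HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Apr/2026:10:01:09 +0000] "GET /ajax.php?id=7+union+select+a+from+b&action=save_sales HTTP/1.1" 500 0',
    '192.0.2.10 - - [27/Apr/2026:10:02:00 +0000] "GET /ajax.php?action=save_sales&ID=42 HTTP/1.1" 200 128',
    '192.0.2.11 - - [27/Apr/2026:10:02:30 +0000] "POST /ajax.php?action=save_sales HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for ip, ts, status in scan(SAMPLE_LOG):
        print(f"{ts} {ip} status={status}")
```

The second sample line is flagged here even though its parameters are reordered, which the substring match on `/ajax.php?action=save_sales` would miss.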

Source: Shimi's Cyber World

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7087 | SQLi | SourceCodester Pharmacy Sales and Inventory System 1.0 |
| CVE-2026-7087 | SQLi | Vulnerable file: /ajax.php?action=save_sales |
| CVE-2026-7087 | SQLi | Vulnerable argument: ID |

Source & Attribution

  • Source Platform: NVD
  • Channel: National Vulnerability Database
  • Published: April 27, 2026 at 09:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
