CVE-2026-7128: SQL Injection in SourceCodester Pharmacy System

The National Vulnerability Database has disclosed CVE-2026-7128, a critical SQL injection vulnerability affecting SourceCodester Pharmacy Sales and Inventory System version 1.0. The flaw resides in the file /ajax.php and can be triggered by manipulating the ID parameter. Attackers can exploit this remotely, posing a significant risk to data integrity and confidentiality.

This vulnerability, rated HIGH with a CVSS score of 7.3, allows unauthenticated attackers to inject malicious SQL code. The implications are severe, potentially leading to unauthorized data access, modification, or deletion within the pharmacy system. Given the public disclosure of the exploit, organizations running this specific software should assume active exploitation is possible or imminent.

Defenders must prioritize patching or isolating any instances of SourceCodester Pharmacy Sales and Inventory System 1.0. If patching is not immediately feasible, implement strict network segmentation and consider Web Application Firewall (WAF) rules to block suspicious requests targeting /ajax.php. Audit system logs for any signs of unauthorized access or data manipulation.

What This Means For You

  • If your organization uses SourceCodester Pharmacy Sales and Inventory System 1.0, you must investigate and patch CVE-2026-7128 immediately. Audit your `/ajax.php` endpoint for any suspicious activity and review database logs for unauthorized access.

Detection Rules

Three detection rules were auto-generated for this advisory and mapped to MITRE ATT&CK; the Sigma YAML of the first is shown below.

Rule 1 (level: critical; ATT&CK T1190, Initial Access): CVE-2026-7128: SQL Injection in SourceCodester Pharmacy System ajax.php
```yaml
title: CVE-2026-7128: SQL Injection in SourceCodester Pharmacy System ajax.php
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
  Detects exploitation attempts against SourceCodester Pharmacy Sales and Inventory System 1.0 via the ajax.php file. Specifically targets the 'save_type' action and looks for SQL injection patterns within the 'id' parameter, such as 'OR 1=1', indicating a potential SQL injection attack as described in CVE-2026-7128.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7128/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  # request URI; the Sigma webserver taxonomy names this field c-uri, not cs-uri
  selection_uri:
    c-uri|contains: '/ajax.php?action=save_type'
  # both substrings must be present in the query string ('|all'); the original
  # listed cs-uri-query twice, a duplicate YAML key whose second value silently
  # replaced the first, and carried a stray ';' after 'id='
  selection_query:
    cs-uri-query|contains|all:
      - 'id='
      - 'OR 1=1'
  # condition lives at the detection level and refers to the selection names;
  # note that a literal match only catches unencoded payloads
  condition: selection_uri and selection_query
falsepositives:
  - Legitimate administrative activity
```
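The rule above matches only the literal string 'OR 1=1'. As an added example (not code from the advisory or the SCW feed), the following Python applies the same logic to constructed Apache-style access-log lines, URL-decoding the query first so that percent- and plus-encoded variants are flagged as well; the log format, timestamps and client addresses are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qs

# Constructed sample lines in Apache combined-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [27/Apr/2026:17:20:01 +0000] "GET /ajax.php?action=save_type&id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Apr/2026:17:20:03 +0000] "GET /ajax.php?action=save_type&id=1%27%20OR%201%3D1--%20- HTTP/1.1" 200 9021 "-" "python-requests/2.31"
203.0.113.7 - - [27/Apr/2026:17:20:04 +0000] "GET /ajax.php?action=save_type&id=1'+oR+1=1 HTTP/1.1" 200 9021 "-" "python-requests/2.31"
203.0.113.9 - - [27/Apr/2026:17:21:10 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, request target and status from a combined-log line
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# 'OR 1=1' with any case and any amount of whitespace around the tokens
OR_TAUTOLOGY = re.compile(r"\bor\s+1\s*=\s*1\b", re.IGNORECASE)


def matches_rule(target: str) -> bool:
    """Apply the advisory's Sigma logic to one request target (path + query).

    The query string is URL-decoded before matching, so '%27%20OR%201%3D1'
    and "1'+oR+1=1" are caught, not only the literal 'OR 1=1'.
    """
    parts = urlsplit(target)
    if "/ajax.php" not in parts.path:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if "save_type" not in params.get("action", []):
        return False
    decoded_query = unquote_plus(parts.query)
    return "id=" in decoded_query and OR_TAUTOLOGY.search(decoded_query) is not None


def scan_log(text: str) -> list[dict]:
    """Return one record per access-log line that matches the rule."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and matches_rule(m["target"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                         "target": unquote_plus(m["target"])})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```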

Source: Shimi's Cyber World

Indicators of Compromise

| ID | Type | Indicator |
| --- | --- | --- |
| CVE-2026-7128 | SQLi | SourceCodester Pharmacy Sales and Inventory System 1.0 |
| CVE-2026-7128 | SQLi | /ajax.php?action=save_type |
| CVE-2026-7128 | SQLi | manipulation of the argument ID |

Source & Attribution

  • Source Platform: NVD
  • Channel: National Vulnerability Database
  • Published: April 27, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.