CVE-2026-7130: Critical SQL Injection Flaw in Pharmacy System

The National Vulnerability Database has disclosed CVE-2026-7130, a critical SQL injection vulnerability affecting SourceCodester Pharmacy Sales and Inventory System version 1.0. The flaw resides in the /ajax.php script, in a function reached by manipulating the ‘ID’ argument. Attackers can exploit it remotely to inject SQL commands, potentially leading to data theft or system compromise. Exploit code is publicly available, which increases the immediate risk.

This vulnerability presents a significant risk to any organization running this pharmacy management software. Given the sensitive nature of pharmaceutical data, a successful SQL injection attack could expose patient records, inventory details, and sales information. Defenders must prioritize patching or mitigating this vulnerability immediately, as attackers can leverage readily available exploit code.

Given the High CVSS score (7.3) and the remote, unauthenticated nature of the attack vector, immediate action is paramount. Organizations using this system should consider isolating the affected application, enforcing strict input validation on the /ajax.php endpoint, and reviewing database logs for suspicious activity. If patching is not immediately feasible, disabling the affected functionality or deploying a Web Application Firewall (WAF) with rules that block SQL injection attempts is a critical interim measure.

What This Means For You

  • If your organization uses SourceCodester Pharmacy Sales and Inventory System 1.0, verify that the `/ajax.php` endpoint is secured against SQL injection. Audit your system for unauthorized access or data exfiltration, and apply any available patches or security configurations immediately.

Detection Rules

3 detection rules were auto-generated for this incident and mapped to MITRE ATT&CK; one is reproduced below in Sigma YAML.

Severity: critical · ATT&CK: T1190 (Initial Access)

CVE-2026-7130: SQL Injection in Pharmacy System ajax.php delete_category

Sigma YAML:
title: CVE-2026-7130: SQL Injection in Pharmacy System ajax.php delete_category
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-7130 by targeting the delete_category action in ajax.php with a SQL injection payload. The rule specifically looks for the vulnerable URI path and common SQL injection patterns within the ID parameter.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7130/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains: '/ajax.php?action=delete_category'
    # All three substrings must appear in the query string (AND via |all). Repeating the
    # same key three times is invalid YAML: only the last value would survive parsing.
    # A bare 'OR' also matches the letters inside 'category', so '1=1' carries the match,
    # and percent-encoded variants such as 1%3D1 are only caught if the log source decodes them.
    cs-uri-query|contains|all:
      - 'ID='
      - 'OR'
      - '1=1'
  condition: selection
falsepositives:
  - Legitimate administrative activity
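As an added example (not code from this page or from the SourceCodester project), the Python below applies the advisory's input-validation check for the ID argument and the Sigma rule's selection logic to constructed access-log lines: it percent-decodes the query string and matches OR on word boundaries, so encoded payloads are inspected and the letters inside "category" do not trigger a hit. The log format, field names and sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Apr/2026:17:20:01 +0000] "GET /ajax.php?action=delete_category&ID=7 HTTP/1.1" 200 45
10.0.0.9 - - [27/Apr/2026:17:21:14 +0000] "GET /ajax.php?action=delete_category&ID=7%20OR%201%3D1 HTTP/1.1" 200 45
10.0.0.9 - - [27/Apr/2026:17:21:30 +0000] "GET /ajax.php?action=delete_category&ID=7'%20or%20'1'%3D'1 HTTP/1.1" 200 45
10.0.0.7 - - [27/Apr/2026:17:22:02 +0000] "GET /index.php?page=categories HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')

# OR followed by a tautology such as 1=1 or '1'='1'. The word boundary matters: a bare
# substring match on "OR" also hits the letters inside "category" in the action name.
TAUTOLOGY_RE = re.compile(r"\bOR\b\s*'?(\w+)'?\s*=\s*'?\1\b", re.IGNORECASE)

def id_is_well_formed(value: str) -> bool:
    """Input-validation check from the advisory: the ID argument must be a plain integer."""
    return value.isdigit()

def matches_rule(uri: str) -> bool:
    """Apply the Sigma rule's intent to one request URI: vulnerable script and action,
    an ID parameter, and an OR tautology inside it. parse_qs percent-decodes the query,
    so %20OR%201%3D1 is inspected as 'OR 1=1'."""
    parts = urlsplit(uri)
    if not parts.path.endswith('/ajax.php'):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if 'delete_category' not in params.get('action', []):
        return False
    id_values = params.get('ID', []) + params.get('id', [])
    return any(not id_is_well_formed(v) and TAUTOLOGY_RE.search(v) for v in id_values)

def scan_log(text: str) -> list:
    """Return (client_ip, request_uri) for every request line matching the rule."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and matches_rule(m.group('uri')):
            hits.append((m.group('ip'), m.group('uri')))
    return hits

if __name__ == '__main__':
    for ip, uri in scan_log(SAMPLE_LOG):
        print(f"ALERT CVE-2026-7130 candidate from {ip}: {uri}")
```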

Source: Shimi's Cyber World

Indicators of Compromise

ID: CVE-2026-7130 · Type: Vulnerability · Indicator: CVE-2026-7130

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 27, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
