CVE-2026-7549: SourceCodester Pharmacy System SQLi Vulnerability

The National Vulnerability Database has published CVE-2026-7549, a high-severity SQL injection flaw in SourceCodester Pharmacy Sales and Inventory System version 1.0. The vulnerability, scored 7.3 on CVSS, lets a remote attacker manipulate the ID argument of the delete_customer action in /ajax.php (/ajax.php?action=delete_customer), so attacker-controlled input reaches an SQL statement and can read or modify data the request was never meant to touch. NVD notes that exploit code for this vulnerability has been released publicly, which raises the immediate risk.

This is not just one system's problem; it is a textbook instance of a fundamental web application security failure. SQL injection, classed under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) and its parent weakness CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')), remains a leading vector for data breaches. Public exploit code drastically lowers the barrier to entry, so even unsophisticated attackers can use this flaw.

For defenders, any organization running SourceCodester Pharmacy Sales and Inventory System 1.0 should assume the endpoint is already being probed. The remote attack vector and the public exploit make this a high-priority fix even at a 7.3 score. Review and mitigate immediately: an injection point in a delete handler executes with the application's own database privileges, so the impact is not limited to removing the targeted row; customer, sales and inventory data can be exfiltrated or altered.
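To make the CWE-89 pattern concrete, here is an added Python/sqlite3 example that is not the vendor's code: a delete handler that interpolates the ID argument (the vulnerable shape) next to one that validates and binds it. The customers table, its seed rows and the tautology payload are constructed for the demo; SQLite has no SLEEP() function, so the time-based probe the detection rule below looks for is not reproduced here, but the structural failure is the same.

```python
import sqlite3

# Constructed demo schema and rows; this is NOT the vendor's code or table layout.
SEED = [(1, "alice"), (2, "bob"), (3, "carol")]


def fresh_db() -> sqlite3.Connection:
    """In-memory database with a minimal customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SEED)
    conn.commit()
    return conn


def delete_customer_vulnerable(conn: sqlite3.Connection, raw_id: str) -> int:
    """CWE-89 shape: the untrusted ID is concatenated into the statement,
    so the caller controls the WHERE clause. Returns rows deleted."""
    sql = f"DELETE FROM customers WHERE id = {raw_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def delete_customer_hardened(conn: sqlite3.Connection, raw_id: str) -> int:
    """Validate the type, then bind the value as a parameter. The driver sends
    the statement and the value separately, so input can never alter the
    statement's structure. Returns rows deleted."""
    if not raw_id.isdigit():
        raise ValueError("ID must be a non-negative integer")
    cur = conn.execute("DELETE FROM customers WHERE id = ?", (int(raw_id),))
    conn.commit()
    return cur.rowcount


def remaining(conn: sqlite3.Connection) -> int:
    """Rows still present in the customers table."""
    return conn.execute("SELECT COUNT(*) FROM customers").fetchone()[0]


def demo() -> dict:
    """Run the same tautology payload through both handlers and report the outcome."""
    payload = "1 OR 1=1"  # constructed payload: turns the WHERE clause into 'always true'

    vuln = fresh_db()
    vuln_deleted = delete_customer_vulnerable(vuln, payload)

    hard = fresh_db()
    try:
        delete_customer_hardened(hard, payload)
        rejected = False
    except ValueError:
        rejected = True
    legit_deleted = delete_customer_hardened(hard, "2")  # the intended use still works

    return {
        "vuln_deleted": vuln_deleted,             # 3: every customer gone
        "vuln_remaining": remaining(vuln),        # 0
        "hardened_rejected": rejected,            # True
        "hardened_legit_deleted": legit_deleted,  # 1
        "hardened_remaining": remaining(hard),    # 2
    }


if __name__ == "__main__":
    print(demo())
```

The hardened handler rejects the payload before it ever reaches the database; even if the type check were dropped, the bound parameter would be compared as a literal string and delete nothing, because the value cannot become SQL syntax.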

What This Means For You

  • If your organization uses SourceCodester Pharmacy Sales and Inventory System 1.0, treat it as exposed to CVE-2026-7549. Inventory where it is deployed, restrict network access to /ajax.php to trusted users where possible, and prepare for possible data compromise. Audit web server and database logs for suspicious activity, particularly requests to action=delete_customer carrying unusual ID values or SQL keywords, and customer deletions nobody can account for.

🛡️ Detection Rules

The Sigma rule below was auto-generated for this CVE and mapped to MITRE ATT&CK. Treat it as a starting point to tune against local traffic, not a finished detection.

Level: critical · ATT&CK: T1190 Exploit Public-Facing Application (Initial Access)

Sigma YAML:
title: CVE-2026-7549: SourceCodester Pharmacy SQLi via ajax.php delete_customer
id: scw-2026-05-01-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-7549 in SourceCodester Pharmacy Sales and Inventory System 1.0.
  Looks for requests to /ajax.php with action=delete_customer whose query string carries an ID
  parameter together with the tokens OR and SLEEP, the shape of a time-based blind SQL injection probe.
  Only payloads sent in the query string are visible to web server access logs; an ID value sent in
  a POST body will not be matched by this rule.
author: SCW Feed Engine (AI-generated)
date: 2026-05-01
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7549/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection_endpoint:
    cs-uri-query|contains|all:
      - '/ajax.php'
      - 'action=delete_customer'
  selection_payload:
    cs-uri-query|contains|all:
      - 'ID='
      - 'OR'
      - 'SLEEP'
  condition: selection_endpoint and selection_payload
falsepositives:
  - Legitimate administrative activity
  - Substring hits on 'OR' and 'SLEEP' inside unrelated parameter values (Sigma 'contains' is case-insensitive)
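The rule's matching logic, run over a handful of constructed access log lines, as an added example that is not part of the original page or its rule set. It ports the rule's substring checks literally, shows the false positive that plain `contains` on OR and SLEEP produces, adds a tighter regex alternative, and flags the blind spot the rule description mentions: a POST whose ID argument travels in the body never appears in the access log. The log lines, IPs and user agents are all made up for the demo.

```python
import re
from urllib.parse import unquote_plus

# Constructed combined-format access log lines (not real traffic). Lines 1 and 5 trip the
# rule's literal substring logic; only line 1 is an actual SLEEP() probe.
SAMPLE_LOG = """\
203.0.113.7 - - [01/May/2026:09:12:01 +0000] "GET /ajax.php?action=delete_customer&ID=1%20OR%20SLEEP(5) HTTP/1.1" 200 2 "-" "sqlmap/1.8"
203.0.113.7 - - [01/May/2026:09:12:02 +0000] "GET /ajax.php?action=delete_customer&ID=1 HTTP/1.1" 200 2 "-" "Mozilla/5.0"
198.51.100.4 - - [01/May/2026:09:13:10 +0000] "POST /ajax.php?action=delete_customer HTTP/1.1" 200 2 "-" "python-requests/2.31"
203.0.113.9 - - [01/May/2026:09:14:00 +0000] "GET /ajax.php?action=save_customer&name=ORSON%20SLEEPER HTTP/1.1" 200 2 "-" "Mozilla/5.0"
192.0.2.33 - - [01/May/2026:09:15:30 +0000] "GET /ajax.php?action=delete_customer&ID=7&note=MAJOR%20SLEEPY HTTP/1.1" 200 2 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def parse(line: str):
    """Split one combined-format line into fields and URL-decode the query string."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    path, _, query = ev["uri"].partition("?")
    ev["path"] = path
    ev["query"] = unquote_plus(query)
    return ev


def on_delete_endpoint(ev) -> bool:
    """The rule's endpoint selection: /ajax.php with action=delete_customer."""
    return ev["path"].endswith("/ajax.php") and "action=delete_customer" in ev["query"].lower()


def sigma_like_match(ev) -> bool:
    """Literal port of the rule's payload selection: substrings ID=, OR and SLEEP,
    case-insensitive like Sigma 'contains'."""
    q = ev["query"].lower()
    return on_delete_endpoint(ev) and "id=" in q and "or" in q and "sleep" in q


# Tighter alternative: OR/AND as whole words after the ID value, followed by a SLEEP( call.
TIGHT_RE = re.compile(r"\bid=.*?\b(or|and)\b.*?\bsleep\s*\(", re.IGNORECASE)


def tight_match(ev) -> bool:
    return on_delete_endpoint(ev) and TIGHT_RE.search(ev["query"]) is not None


def scan(log_text: str, matcher) -> list:
    """Return (ip, method, decoded query) for every line the matcher accepts."""
    hits = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev and matcher(ev):
            hits.append((ev["ip"], ev["method"], ev["query"]))
    return hits


def unlogged_post_requests(log_text: str) -> list:
    """POSTs to the endpoint. If the ID argument is sent in the body it is not in the
    access log, so neither matcher can see it; these need application or DB-side logging."""
    return [ev["ip"] for ev in map(parse, log_text.splitlines())
            if ev and ev["method"] == "POST" and on_delete_endpoint(ev)]


if __name__ == "__main__":
    print("rule as written :", scan(SAMPLE_LOG, sigma_like_match))
    print("tightened       :", scan(SAMPLE_LOG, tight_match))
    print("POST blind spots:", unlogged_post_requests(SAMPLE_LOG))
```

Line 5 fires the literal rule because "MAJOR" contains OR and "SLEEPY" contains SLEEP; the word-boundary regex drops it while still catching line 1. The save_customer request on line 4 is excluded by the endpoint selection alone, which is why the rule needs both selections rather than the payload tokens by themselves.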


Indicators of Compromise

These entries locate the vulnerable surface (product, endpoint, parameter); they are not network or host observables and cannot be used as blocklist entries on their own.

ID              Type   Indicator
CVE-2026-7549   SQLi   SourceCodester Pharmacy Sales and Inventory System 1.0 (affected product)
CVE-2026-7549   SQLi   /ajax.php?action=delete_customer (vulnerable endpoint)
CVE-2026-7549   SQLi   argument ID (injection point)
Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: May 01, 2026 at 08:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Related coverage

CVE-2026-7553 — Code-Projects Gym Management System SQL Injection

CVE-2026-7553 — A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The...


CVE-2026-7550: Remote SQLi Hits Pharmacy Sales and Inventory System

CVE-2026-7550 — A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The...


Totolink NR1800X Command Injection (CVE-2026-7548) Publicly Exploitable

CVE-2026-7548 — A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument...
