CVE-2026-7550: Remote SQLi Hits Pharmacy Sales and Inventory System

The National Vulnerability Database has published details of CVE-2026-7550, a high-severity SQL injection vulnerability in SourceCodester Pharmacy Sales and Inventory System version 1.0. The flaw is in an unknown function reached through /ajax.php?action=save_customer, where manipulating the ID argument allows remote SQL injection.

This is a critical issue. The exploit for CVE-2026-7550 is publicly disclosed, meaning attackers can immediately leverage it against unpatched systems. Given the nature of pharmacy and inventory systems, successful exploitation could lead to unauthorized access to sensitive customer data, inventory manipulation, and potentially broader system compromise. The CVSS score of 7.3 (High) reflects the network-based attack vector and the low attack complexity, requiring no user interaction or privileges.

Defenders must prioritize patching this system immediately. If direct patching isn’t feasible, organizations should implement stringent network segmentation and Web Application Firewall (WAF) rules to filter malicious input targeting the /ajax.php?action=save_customer endpoint. Assume compromise if this system is exposed and unpatched.

What This Means For You

  • If your organization uses SourceCodester Pharmacy Sales and Inventory System 1.0, you are directly exposed to CVE-2026-7550. This is a remote SQL injection with public exploit code. Patch this system immediately or take it offline. Audit logs for suspicious activity around `/ajax.php?action=save_customer` access.
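
One way to run the log audit recommended above, as an added example that is not code from the original post or the vendor: it percent-decodes each query string before inspecting it, so encoded input is examined as well as literal input. It assumes the combined access-log format, that `ID` arrives in the query string, and that a legitimate `ID` is empty or numeric; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: a legitimate ID is empty (new record) or a short run of digits.
BENIGN_ID = re.compile(r"\d{0,10}")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2026:09:00:01 +0000] "POST /ajax.php?action=save_customer&ID=12 HTTP/1.1" 200 1 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/May/2026:09:02:13 +0000] "POST /ajax.php?action=save_customer&ID=1%20OR%201%3D1 HTTP/1.1" 200 1 "-" "curl/8.5.0"',
    '198.51.100.7 - - [01/May/2026:09:02:15 +0000] "GET /ajax.php?action=save_customer&id=1+OR+1=1 HTTP/1.1" 500 0 "-" "curl/8.5.0"',
    '203.0.113.5 - - [01/May/2026:09:05:00 +0000] "GET /index.php?page=customer HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def audit_line(line):
    """Return a finding for a save_customer request with a non-numeric ID, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.lower().endswith("/ajax.php"):
        return None
    # parse_qsl percent-decodes values and turns '+' into a space.
    # Keys are lowercased so 'ID' and 'id' are both inspected (over-inclusive on purpose).
    params = {}
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        params.setdefault(key.lower(), []).append(value)
    if "save_customer" not in params.get("action", []):
        return None
    # fullmatch, so a decoded newline or trailing text cannot slip past the check.
    bad = [v for v in params.get("id", []) if not BENIGN_ID.fullmatch(v)]
    if not bad:
        return None
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]), "id_values": bad}

def audit(lines):
    """Run audit_line over an iterable of log lines and keep the findings."""
    return [finding for finding in map(audit_line, lines) if finding]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A request whose `ID` travels in the POST body does not appear in a standard access log, so a clean result from this script does not rule out exploitation.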

🛡️ Detection Rules

critical T1190 Initial Access

CVE-2026-7550: SQL Injection in Pharmacy System ajax.php

Sigma YAML
title: 'CVE-2026-7550: SQL Injection in Pharmacy System ajax.php'
id: scw-2026-05-01-ai-1
status: experimental
level: critical
description: |
  Detects exploitation attempts against CVE-2026-7550 by looking for requests to the specific vulnerable endpoint '/ajax.php?action=save_customer' with a query string containing 'ID=' and common SQL injection keywords like 'OR', 'SELECT', and 'FROM'. This targets the SQL injection vulnerability in the SourceCodester Pharmacy Sales and Inventory System 1.0.
author: SCW Feed Engine (AI-generated)
date: 2026-05-01
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7550/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    # Request targets the vulnerable endpoint
    cs-uri|contains: '/ajax.php?action=save_customer'
    # All four substrings must appear in the query string.
    # These are literal matches: ' OR ' does not match URL-encoded spaces (%20 or +).
    cs-uri-query|contains|all:
      - 'ID='
      - ' OR '
      - 'SELECT'
      - 'FROM'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7550 | SQLi | SourceCodester Pharmacy Sales and Inventory System 1.0 |
| CVE-2026-7550 | SQLi | Vulnerable file: /ajax.php?action=save_customer |
| CVE-2026-7550 | SQLi | Vulnerable parameter: ID |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 01, 2026 at 08:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
