CVE-2026-30573 — A Business Logic vulnerability exists in SourceCodester Pharmacy Product…

April 07, 2026 15:26 /HIGH

CVE Notify vulnerabilitycve

🚨 CVE-2026-30573 A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for s

Web-Security-PoCs/Pharmacy-Product-Management-System/Logic-AddSales-NegativePrice.md at main · meifukun/Web-Security-PoCs

github.com

What This Means For You

New vulnerability disclosed — verify if your stack is exposed.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access

🛡️ Detection Rules

1 rule · 6 SIEM formats

1 detection rule mapped to MITRE ATT&CK. Free Sigma YAML below.

high T1190 Initial Access

Web Application Exploitation Attempt — CVE-2026-30573

Sigma YAML — free preview

Source: Shimi's Cyber World · License & reuse

Indicators of Compromise

ID	Type	Indicator
CVE-2026-30573	Business Logic	SourceCodester Pharmacy Product Management System 1.0, add-sales.php, parameters 'txtprice' and 'txttotalcost' do not validate negative values.

Source & Attribution

Source Platform	Telegram
Channel	CVE Notify
Published	April 07, 2026 at 15:26 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

What This Means For You

Related ATT&CK Techniques

🛡️ Detection Rules

Web Application Exploitation Attempt — CVE-2026-30573

Indicators of Compromise

Related coverage

WordPress Ditty Plugin: Authorization Bypass Exposes Non-Public Content

CVE-2026-8692 — The Vedrixa Forms – User Registration Form, Signup Form &

CVE-2026-8684 — The MotoPress Hotel Booking plugin for WordPress is