CVE-2026-10255— SourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access control
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10255
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access control
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sell_statement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SourceCodester | Pharmacy Sales and Inventory System | 1.0 | cpe:2.3:a:sourcecodester:pharmacy_sales_and_inventory_system:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10255
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10255
请登录查看更多情报信息。
News Coverage for CVE-2026-10255 (1)
Other References for CVE-2026-10255 (1)
Same Patch Batch · SourceCodester · 2026-06-01 · 10 CVEs total
| CVE-2026-10263 | 7.3 HIGH | SourceCodester Computer Repair Shop Management System manage_product.php sql injection |
| CVE-2026-10236 | 7.3 HIGH | SourceCodester Water Billing Management System User Management Endpoint Users.php save imp |
| CVE-2026-10254 | 5.3 MEDIUM | SourceCodester Pet Grooming Management Software admin file information disclosure |
| CVE-2026-10248 | 4.7 MEDIUM | SourceCodester Pharmacy Sales and Inventory System Supplier Creation export create_supplie |
| CVE-2026-10237 | 4.7 MEDIUM | SourceCodester Water Billing Management System User Management manage_user sql injection |
| CVE-2026-10247 | 3.5 LOW | SourceCodester Pharmacy Sales and Inventory System main create_generic_name cross site scr |
| CVE-2026-10246 | 3.5 LOW | SourceCodester Pharmacy Sales and Inventory System main create_medicine_presentation cross |
| CVE-2026-10245 | 3.5 LOW | SourceCodester Pharmacy Sales and Inventory System main create_supplier cross site scripti |
| CVE-2026-10244 | 3.5 LOW | SourceCodester Pharmacy Sales and Inventory System main create_medicine_name cross site sc |
IV. Related Vulnerabilities
Same product: Pharmacy Sales and Inventory System
- CVE-2026-10248
SourceCodester Pharmacy Sales and Inventory System Supplier - CVE-2026-10247
SourceCodester Pharmacy Sales and Inventory System main crea - CVE-2026-10246
SourceCodester Pharmacy Sales and Inventory System main crea - CVE-2026-10245
SourceCodester Pharmacy Sales and Inventory System main crea - CVE-2026-10244
SourceCodester Pharmacy Sales and Inventory System main crea
Same vendor: SourceCodester
- CVE-2026-10263
SourceCodester Computer Repair Shop Management System manage - CVE-2026-10254
SourceCodester Pet Grooming Management Software admin file i - CVE-2026-10248
SourceCodester Pharmacy Sales and Inventory System Supplier - CVE-2026-10247
SourceCodester Pharmacy Sales and Inventory System main crea - CVE-2026-10246
SourceCodester Pharmacy Sales and Inventory System main crea
Same weakness: CWE-284
- CVE-2026-45266
Nextcloud: Unauthorized force-mute from missing permission c - CVE-2026-45157
Nextcloud: Valid share tokens allow to access tempory upload - CVE-2026-45154
Nextcloud: Improper Access Control in Collectives - CVE-2026-45264
Nextcloud: ACL Rename Permission Bypass in Team Folders Allo - CVE-2026-10152
TaleLin lin-cms-spring-boot book Endpoint BookController.jav
V. Comments for CVE-2026-10255
No comments yet