microwaveabi/pharmacy-sqli-CVE-2026-7392

# Pharmacy Sales and Inventory System 1.0 - CVE-2026-7392 SQL Injection **SourceCodester Pharmacy Sales and Inventory System V1.0** (pure PHP/MySQL version) - **CVE**: CVE-2026-7392 - **Endpoint**: /ajax.php?action=delete_supplier (id parameter) - **Type**: SQL Injection (CWE-89) - **CVSS 3.1**: 6.3 Medium - **Author**: oretnom23 (SourceCodester, 2020-10-08) - **Default login**: admin / admin123 ## Vulnerable Code All database operations use extract($_POST) + direct string concatenation. ## Download Full Source https://github.com/microwaveabi/pharmacy-sqli-CVE-2026-7392/releases/tag/v1.0-vulnerable

标签：自定义脚本