| Título | SourceCodester Pharmacy Product Management System 1.0 Business Logic Errors |
|---|
| Descripción | A business logic vulnerability exists in Pharmacy Product Management System 1.0. The issue is located in the file add-sales.php. The application fails to validate the 'txtprice' and 'txttotalcost' POST parameters, allowing an authenticated attacker to submit negative values. This results in the recording of negative sales transactions, leading to the corruption of financial reports and revenue calculations. |
|---|
| Fuente | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddSales-NegativePrice.md |
|---|
| Usuario | Anonymous User |
|---|
| Sumisión | 2026-03-25 03:16 (hace 25 días) |
|---|
| Moderación | 2026-04-08 17:22 (15 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada de VulDB | 354680 [SourceCodester Pharmacy Product Management System 1.0 add-sales.php txtprice/txttotalcost escalada de privilegios] |
|---|
| Puntos | 0 |
|---|