Sourcecodester · Pharmacy Sales/Inventory System · CVE-2026-7549
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Pharmacy Sales and Inventory System version 1.0
**Description**
A remote SQL injection exists in the '/ajax.php?action=delete customer' endpoint. This issue occurs when the `ID` argument is manipulated, allowing an attacker to interfere with the application's database queries.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.