Test-User

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** A remote cross-site scripting issue exists in the `supplier` function within the '/index.php?page=supplier' endpoint. This occurs when the `Name` argument is manipulated, allowing for the execution of malicious scripts in the user's browser. **Recommendations** As a temporary workaround, avoid using the `Name` argument in the '/index.php?page=supplier' endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** An issue exists in the `delete expired()` function within the '/ajax.php?action=delete expired' endpoint. Remote attackers can perform SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, by manipulating the `ID` argument. **Recommendations** Restrict access to the '/ajax.php?action=delete expired' endpoint or avoid using the `ID` argument until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** A security flaw allows remote attackers to perform SQL injection, which is a technique used to manipulate a database by inserting malicious SQL code into a query. This issue occurs within the `save expired()` function located in the '/ajax.php?action=save expired' endpoint through the manipulation of the `ID` variable. **Recommendations** As a temporary workaround, restrict access to the '/ajax.php?action=save expired' endpoint or avoid using the `ID` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.