CVE-2026-10248

SourceCodester Pharmacy Sales and Inventory System Supplier Creation export create_supplier csv injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-1236 CWE-74

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 5.1EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

01 Jun 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create_supplier of the file /Export_csv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

SourceCodester · Pharmacy Sales and Inventory System

public PoCs found — 1

cve_referencegithub.com/timeflies123/cve/issues/6unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/timeflies123/cve/issues/6 https://vuldb.com/cve/CVE-2026-10248 https://vuldb.com/submit/824029 https://vuldb.com/vuln/367526 https://vuldb.com/vuln/367526/cti https://www.sourcecodester.com/