SourceCodester Pharmacy Product Management System Business Logic Vulnerability in Stock Management
Vulnerability
A business logic vulnerability has been identified in SourceCodester Pharmacy Product Management System version 1.0. The issue resides in the add-stock.php file, where the application improperly validates the 'txtqty' parameter during stock entry. This flaw allows negative values to be processed, causing the system to erroneously decrease inventory levels instead of increasing them. As a result, this vulnerability can lead to inventory corruption and potentially create a denial-of-service condition by depleting stock records.
Impact
Exploitation of this vulnerability allows for malicious reduction of stock levels, corruption of inventory records, and potential disruption of sales processes by emptying available stock.
Reproduction
To reproduce this vulnerability, deploy the Pharmacy Product Management System locally and log into the application. Navigate to the 'Add Stock' page and intercept the request using a proxy tool. Modify the 'txtqty' parameter to include a negative value, such as '-100', before sending the request.
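One way to close the gap described above, shown as an added example rather than the application's own code: the server accepts only positive integers for 'txtqty' before it touches the stock record. The table and column names, the function names, and the per-entry limit are assumptions, and the demo rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example: table, column and function names are assumptions,
// not taken from the application's source.
const MAX_QTY_PER_ENTRY = 10000; // assumed business limit per stock entry

/** Return a validated positive quantity, or null if the input must be rejected. */
function parse_stock_quantity(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing value or array input such as txtqty[]=1
    }
    $qty = filter_var(trim($raw), FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_QTY_PER_ENTRY],
    ]);
    return $qty === false ? null : $qty;
}

/** Add stock; a rejected quantity never reaches the UPDATE statement. */
function add_stock(PDO $db, int $productId, mixed $rawQty): bool
{
    $qty = parse_stock_quantity($rawQty);
    if ($qty === null) {
        return false;
    }
    $stmt = $db->prepare('UPDATE products SET quantity = quantity + :qty WHERE id = :id');
    $stmt->execute([':qty' => $qty, ':id' => $productId]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, quantity INTEGER NOT NULL CHECK (quantity >= 0))');
$db->exec('INSERT INTO products (id, quantity) VALUES (1, 50)');

foreach (['25', '-100', '0', '1e3', ' 7 ', '99999999'] as $input) {
    $ok = add_stock($db, 1, $input);
    $now = $db->query('SELECT quantity FROM products WHERE id = 1')->fetchColumn();
    printf("txtqty=%-12s %s  stock=%d\n", var_export($input, true), $ok ? 'accepted' : 'rejected', $now);
}
```

The CHECK constraint on the quantity column is a second layer: even if another code path skips the input validation, the database refuses to store a negative stock level.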
