A vulnerability categorized as critical has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0 . This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier . Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2026-7392 . The attack can be executed remotely. Additionally, an exploit exists.