A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0 . It has been rated as critical . This affects the function save_supplier of the file /ajax.php?action=save_supplier . This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2026-7391 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.