A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0 . Affected is an unknown function of the file /product_expiry/edit-admin.php . Such manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2026-7746 . It is possible to launch the attack remotely. Furthermore, an exploit is available.