A vulnerability marked as problematic has been reported in SourceCodester Pharmacy Sales and Inventory System up to 1.0 . This issue affects the function create_supplier of the file /Export_csv/export of the component Supplier Creation Interface . This manipulation of the argument Address/Company Name causes csv injection. This vulnerability is registered as CVE-2026-10248 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.