CVEFinder.io

CVE-2026-31071

🔶 medium
🔍 Scan for this CVE
Summary

API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt password hashes) via /api/user/getUserData, modify drug inventory, and access private medical prescription data via /api/doctorOder.

CVSS Score
-
EPSS Score
-
Published Date
2026-05-19
First Seen: 2026-05-20
Last Modified 2026-05-19
Source NVD 🔗

📦 Affected Products 0

No affected products information available

🔗 References 2

https://gist.github.com/nedlir/bc8ad4693c53256819280...
https://github.com/LalanaChami/Pharmacy-Mangment-Sys...