Filtered by vendor Lalanachami
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31071 | 1 Lalanachami | 1 Pharmacy Management System | 2026-05-20 | 9.1 Critical |
| API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt password hashes) via /api/user/getUserData, modify drug inventory, and access private medical prescription data via /api/doctorOder. | ||||
| CVE-2026-31070 | 1 Lalanachami | 1 Pharmacy Management System | 2026-05-20 | 9.8 Critical |
| The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body | ||||
Page 1 of 1.