{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-3401","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-03-01T06:43:59.046Z","datePublished":"2026-03-02T00:02:10.449Z","dateUpdated":"2026-03-02T15:40:51.662Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-03-02T00:02:10.449Z"},"title":"SourceCodester Web-based Pharmacy Product Management System session expiration","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-613","lang":"en","description":"Session Expiration"}]}],"affected":[{"vendor":"SourceCodester","product":"Web-based Pharmacy Product Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":2.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"LOW"}},{"cvssV3_1":{"version":"3.1","baseScore":3.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.1,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.1,"vectorString":"AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-03-01T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-03-01T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-03-01T07:49:19.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Hiran (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.348296","name":"VDB-348296 | SourceCodester Web-based Pharmacy Product Management System session expiration","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.348296","name":"VDB-348296 | CTI Indicators (IOB, IOC)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.762795","name":"Submit #762795 | SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Improper Access Controls","tags":["third-party-advisory"]},{"url":"https://github.com/hiranerakkot/Web-based-Pharmacy-Product-Management-System/blob/main/README.md","tags":["exploit"]},{"url":"https://www.sourcecodester.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-02T15:40:40.961767Z","id":"CVE-2026-3401","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-02T15:40:51.662Z"}}]}}