CVE Catalog

CVE-2026-31071

Critical
Published: Translated: NVD NIST

Summary

The API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. This allows unauthenticated remote attackers to leak all user records and modify drug inventory.

Risk Assessment

The lack of authentication in the API poses a serious risk to user data security and system integrity, potentially leading to unauthorized access to sensitive medical information.

Recommendation

It is recommended to implement appropriate authentication middleware for all API endpoints to secure access to user data and operations on drug inventory.

Original NVD description (English source)

API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt password hashes) via /api/user/getUserData, modify drug inventory, and access private medical prescription data via /api/doctorOder.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS