CVE-2026-14694
MEDIUMSourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php cancel_order sql injection
Title source: cnaDescription
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-376290 | SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php cancel_order sql injection
https://vuldb.com/vuln/376290
Signature, Permissions Required signature
permissions-required
VDB-376290 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376290/cti
Third Party Advisory third-party-advisory
CVE-2026-14694 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14694
Third Party Advisory third-party-advisory
Submit #846834 | SourceCodester Multi-Vendor Online Grocery Management System 1.0 SQL Injection
https://vuldb.com/submit/846834
Exploit exploit
issue-tracking
https://github.com/lee945/cve/issues/5
Product product
https://www.sourcecodester.com/
Scores
CVSS v3
6.3
EPSS
0.0020
EPSS Percentile
10.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
SourceCodester/Multi-Vendor Online Grocery Management System
1.0
Published
Jul 05, 2026
Tracked Since
Jul 05, 2026