CVE-2026-14695

HIGH

SourceCodester Multi-Vendor Online Grocery Management System Registration Users.php save_client sql injection

Title source: cna
STIX 2.1

Description

A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

References (6)

Core 6
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-376291 | SourceCodester Multi-Vendor Online Grocery Management System Registration Users.php save_client sql injection
https://vuldb.com/vuln/376291
Signature, Permissions Required signature permissions-required
VDB-376291 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376291/cti
Third Party Advisory third-party-advisory
CVE-2026-14695 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14695
Third Party Advisory third-party-advisory
Submit #846835 | SourceCodester Multi-Vendor Online Grocery Management System 1.0 SQL Injection
https://vuldb.com/submit/846835
Exploit exploit issue-tracking
https://github.com/lee945/cve/issues/6

Scores

CVSS v3 7.3
EPSS 0.0026
EPSS Percentile 17.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
SourceCodester/Multi-Vendor Online Grocery Management System 1.0
Published Jul 05, 2026
Tracked Since Jul 05, 2026