Improper Authorization in SourceCodester Multi-Vendor Online Grocery Management System
CVE-2026-14690
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14690?
A significant weakness has been identified in the SourceCodester Multi-Vendor Online Grocery Management System, specifically within the 'save_users' function of the 'classes/Users.php' file. This vulnerability allows for improper authorization, which could enable remote attackers to manipulate user permissions and potentially exploit the system. The exploit has been publicized, increasing the urgency for affected users to apply necessary mitigations and security measures.
Affected Version(s)
Multi-Vendor Online Grocery Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
