SQL Injection Vulnerability in SourceCodester Multi-Vendor Online Grocery Management System
CVE-2026-14692
Key Information:
- Vendor: Sourcecodester
- CVE Published: 5 July 2026
What is CVE-2026-14692?
A SQL injection vulnerability exists in the POST parameter handling of the Multi-Vendor Online Grocery Management System. The flaw is in the save_shop_type function in the classes/Master.php file. It can be exploited remotely and gives an attacker unauthorized access to the underlying database, including the ability to execute arbitrary SQL queries, which can lead to data exposure or manipulation. Because the exploit has been publicly disclosed, users should secure their systems against potential attacks.
Affected Version(s)
Multi-Vendor Online Grocery Management System 1.0
Multi-Vendor Online Grocery Management System 5.7.26
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
