SQL Injection Vulnerability in SourceCodester Multi-Vendor Online Grocery Management System
CVE-2026-14694
Key Information:
- Vendor: SourceCodester
- CVE Published: 5 July 2026
What is CVE-2026-14694?
A SQL injection vulnerability exists in the 'cancel_order' function of the Master.php file in SourceCodester's Multi-Vendor Online Grocery Management System version 1.0. A remote attacker can exploit it by manipulating the ID argument in POST requests to execute arbitrary SQL commands. The exploit has been made public, which heightens the risk for users of this system, who are urged to implement appropriate security measures.
Affected Version(s)
Multi-Vendor Online Grocery Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
