SQL Injection Vulnerability in SourceCodester Multi-Vendor Online Grocery Management System
CVE-2026-14695
Key Information:
- Vendor: SourceCodester
- CVE Published: 5 July 2026
What is CVE-2026-14695?
A SQL injection vulnerability exists in SourceCodester Multi-Vendor Online Grocery Management System 1.0, specifically in the save_client function of the classes/Users.php file. An attacker can manipulate the 'Name' argument to inject SQL commands, and the attack can be carried out remotely. The exploit has been publicly disclosed, which puts users who have not mitigated the issue at risk. Organizations using this system should apply security patches to protect against unauthorized database access.
Affected Version(s)
Multi-Vendor Online Grocery Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
