CVE-2026-14694
SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php cancel_order sql injection
Vexday Risk Score
30Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 5.3EPSS —KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
05 jul 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
SourceCodester · Multi-Vendor Online Grocery Management SystemPoCs públicas encontradas — 1
cve_referencegithub.com/lee945/cve/issues/5no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.