← volver
CVE-2026-14694

SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php cancel_order sql injection

CVSS 5.3 MEDIUMCWE-74CWE-89
Vexday Risk Score
30Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 5.3EPSS KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
05 jul 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.