CVE-2026-14694
MEDIUMCVSS v3.1: 6.3
Source data as of:
At a glance
- Severity
- MEDIUM
- CVSS
- 6.3 v3.1 · NVD
- EPSS
- EPSS not provided by FIRST.org for this CVE
- CISA KEV
- No
- Type
- Injection, SQL Injection · NVD CWE
- Attack conditions (CVSS vector)
- NetworkNo user interaction · Source: NVD Vector
- Published
- 2026-07-05 · Modified: 2026-07-05
- References
- Jump to references (6)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Reference https://github.com/lee945/cve/issues/5
- Reference https://vuldb.com/cve/CVE-2026-14694
- Reference https://vuldb.com/submit/846834
- Reference https://vuldb.com/vuln/376290
- Reference https://vuldb.com/vuln/376290/cti
- Reference https://www.sourcecodester.com/