Product
high
advisory
CVE-2026-14695: SourceCodester Multi-Vendor Online Grocery Management System SQL Injection
1 TTP 1 CVEA high-severity SQL injection vulnerability, CVE-2026-14695, exists in SourceCodester Multi-Vendor Online Grocery Management System 1.0, allowing remote attackers to manipulate the 'Name' argument within the `save_client` function of `classes/Users.php` to execute arbitrary SQL commands, with a public exploit available.
Multi-Vendor Online Grocery Management System 1.0
sql-injection
web-vulnerability
cve
sourcecodester
data-theft
1t
1c
high
advisory
CVE-2026-14690: Improper Authorization in SourceCodester Multi-Vendor Online Grocery Management System
3 TTPs 1 CVEA high-severity improper authorization vulnerability (CVE-2026-14690) in the `save_users` function of SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows remote unauthenticated attackers to manipulate user accounts, potentially leading to privilege escalation or unauthorized access, with a public exploit readily available.
Multi-Vendor Online Grocery Management System 1.0
vulnerability
web-application
improper-authorization
cve
sourcecodester
3t
1c