CVE Catalog

CVE-2026-14692

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A SQL injection vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. The issue affects the save_shop_type function in classes/Master.php, which mishandles POST parameters. The attack can be performed remotely and the exploit is publicly available.

Risk Assessment

The organization is at risk of unauthorized database access, potentially leading to data leakage, modification, or deletion. The public exploit increases the likelihood of rapid exploitation by attackers.

Recommendation

Immediately update the system to the latest version or apply a temporary fix such as input validation and sanitization in the save_shop_type function. It is also recommended to deploy a Web Application Firewall (WAF) and monitor logs for suspicious SQL queries.

Original NVD description (English source)

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS