CVE-2026-14693
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0, affecting the cancel_order function in classes/Master.php. Manipulation of this function can lead to improper authorization. The attack can be performed remotely and an exploit has been published.
Risk Assessment
The organization is at risk of unauthorized order cancellation by a remote attacker, which can disrupt business processes and compromise data integrity.
Recommendation
Immediately update the system to the latest version or apply the available patch. If not available, temporarily restrict access to the cancel_order function via firewall rules or authentication.
Original NVD description (English source)
A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel_order of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used.

