CVE Catalog

CVE-2026-14690

HighCVSS 7.3
Published: Translated: NVD NIST

Summary

A weakness in SourceCodester Multi-Vendor Online Grocery Management System 1.0 affects the save_users function in classes/Users.php, causing improper authorization. Remote exploitation is possible, and the exploit has been publicly disclosed.

Risk Assessment

The organization faces the risk of unauthorized access to user management functions, potentially allowing attackers to modify accounts, escalate privileges, or steal data.

Recommendation

Immediately update the system to the latest version or apply the available patch. Until then, restrict access to classes/Users.php and implement additional authorization controls.

Original NVD description (English source)

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS