CVE Catalog

CVE-2026-14693

MediumCVSS 5.4
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0, affecting the cancel_order function in classes/Master.php. Manipulation of this function can lead to improper authorization. The attack can be performed remotely and an exploit has been published.

Risk Assessment

The organization is at risk of unauthorized order cancellation by a remote attacker, which can disrupt business processes and compromise data integrity.

Recommendation

Immediately update the system to the latest version or apply the available patch. If not available, temporarily restrict access to the cancel_order function via firewall rules or authentication.

Original NVD description (English source)

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel_order of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS