Description
A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Problem types
Product status
Timeline
| 2026-07-04: | Advisory disclosed |
| 2026-07-04: | VulDB entry created |
| 2026-07-04: | VulDB entry last update |
Credits
cHr1s (VulDB User)
References
vuldb.com/vuln/376291 (VDB-376291 | SourceCodester Multi-Vendor Online Grocery Management System Registration Users.php save_client sql injection)
vuldb.com/vuln/376291/cti (VDB-376291 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14695 (CVE-2026-14695 | CVE Analysis and Report)
vuldb.com/submit/846835 (Submit #846835 | SourceCodester Multi-Vendor Online Grocery Management System 1.0 SQL Injection)
github.com/lee945/cve/issues/6
www.sourcecodester.com/