3 matches found
CVE-2026-14694
SourceCodester Multi-Vendor Online Grocery Management System 1.0 is affected. The issue lies in the cancel_order function (classes/Master.php, POST Parameter Handler) where manipulating the ID parameter enables SQL injection. The vulnerability can be exploited remotely and the exploit has been di...
EUVD-2026-41717
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...
CVE-2026-14693
SourceCodester Multi-Vendor Online Grocery Management System 1.0 contains a vulnerability in the cancel_order function (classes/Master.php) that allows improper authorization via remote manipulation. The issue has an exploit published and is considered exploitable with proof-of-concept maturity. ...