Back to overview

CVE-2026-14690

HIGH
7.3
CVSS 3.1
Description
A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Metadata

CVE ID
CVE-2026-14690
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-04 04:58 UTC
Published
2026-07-05 01:30 UTC
Last updated
2026-07-05 01:30 UTC
Primary CWE
CWE-285
Improper Authorization
Vendor / Product
SourceCodester / Multi-Vendor Online Grocery Management System
Sources
cve.org  ·  NVD

Severity & Metrics

7.3 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
SourceCodester Multi-Vendor Online Grocery Management System 1.0
Weakness (CWE)
CWESourceDescription
CWE-266 cna Incorrect Privilege Assignment
CWE-285 cna Improper Authorization
CVSS scores (4)
ScoreSeverityVersionSourceVector
7.5 N/D 2.0 cna AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
7.3 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.3 HIGH 3.0 cna CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (6)
Back to overview