A vulnerability described as critical has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function
save_client of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection.
This vulnerability is known as CVE-2026-14695. It is possible to launch the attack remotely. Furthermore, an exploit is available.