Impact
The vulnerability resides in the save_users function of SourceCodester Multi‑Vendor Online Grocery Management System 1.0. This flaw allows a remote attacker to bypass existing authorization checks, enabling creation or modification of user accounts without proper privileges. The weakness falls under CWE‑266 (Improper Privilege Management) and CWE‑285 (Improper Authorization). If exploited, an attacker could gain administrative control over the system, compromise user data, and disrupt operations by altering or deleting critical records.
Affected Systems
SourceCodester Multi‑Vendor Online Grocery Management System version 1.0 is affected. No other product versions are listed as impacted.
Risk and Exploitability
The CVSS score of 6.9 indicates a moderate severity risk. With an exploit publicly available and the flaw reachable remotely, the risk to systems lacking the fix is significant. The EPSS score is not available and the vulnerability is not listed in CISA's KEV catalog, suggesting no widespread, time‑sensitive exploitation campaign is known. The likely attack vector is an unauthenticated web request to the save_users endpoint, allowing an attacker to submit crafted user data and elevate privileges.
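As an added illustration (not code from the affected product), the following PHP shows the shape of a save_users handler with the authorization gap the advisory describes next to a hardened version that checks the server-side session and keeps the role out of the caller's hands. Function, table and column names are assumed for the example; other user columns are omitted for brevity.

```php
<?php
// Added example, not the project's code. Names of functions, tables and
// columns are assumptions made for illustration.

// VULNERABLE shape (CWE-285 / CWE-266): nothing verifies who is calling, and
// the role is written straight from the request into the users table.
function save_users_vulnerable(PDO $db, array $post): void
{
    $stmt = $db->prepare('INSERT INTO users (username, role) VALUES (?, ?)');
    $stmt->execute([
        $post['username'] ?? '',
        $post['role'] ?? '',   // attacker-controlled: can request 'admin'
    ]);
}

// HARDENED shape: require a session, authorize against the role stored in
// that session (never in the request), and validate the role server-side.
function save_users_hardened(PDO $db, array $session, array $post): void
{
    if (empty($session['user_id'])) {
        http_response_code(401);
        exit('login required');
    }
    $isAdmin  = ($session['role'] ?? '') === 'admin';
    $targetId = (int)($post['id'] ?? 0);

    // Only admins may create accounts or modify someone else's record.
    if (!$isAdmin && ($targetId === 0 || $targetId !== (int)$session['user_id'])) {
        http_response_code(403);
        exit('not authorized');
    }

    $allowedRoles = ['admin', 'vendor', 'customer'];
    $username     = $post['username'] ?? '';

    if (!$isAdmin) {
        // Self-service edit: the role column is deliberately absent here.
        $stmt = $db->prepare('UPDATE users SET username = ? WHERE id = ?');
        $stmt->execute([$username, $targetId]);
        return;
    }

    // Admin path: accept a role only from the fixed allow-list.
    $role = in_array($post['role'] ?? '', $allowedRoles, true) ? $post['role'] : 'customer';
    if ($targetId === 0) {
        $stmt = $db->prepare('INSERT INTO users (username, role) VALUES (?, ?)');
        $stmt->execute([$username, $role]);
    } else {
        $stmt = $db->prepare('UPDATE users SET username = ?, role = ? WHERE id = ?');
        $stmt->execute([$username, $role, $targetId]);
    }
}
```

For detection, web server logs showing POST requests to the save_users endpoint without a preceding authenticated session, or requests that carry a role field from non-admin sessions, are the signals to look for while the fix is pending.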
OpenCVE Enrichment