SQL Injection Vulnerability in code-projects Online Voting System Login Component
CVE-2026-14648
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 4 July 2026
Badges
What is CVE-2026-14648?
A security vulnerability has been identified in the code-projects Online Voting System up to version 0.x/1.0. The issue resides in the Login component, specifically within the function test_input of the file /authentication.php. Manipulating the parameters adminUserName or adminPassword allows an attacker to execute a SQL injection attack remotely. This vulnerability has been publicly disclosed and poses a significant risk as it enables unauthorized access to sensitive data.
Affected Version(s)
Online Voting System 0.*
Online Voting System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
