SQL Injection Vulnerability in code-projects Online Voting System by code-projects
CVE-2026-14649

6.9MEDIUM

Key Information:

Vendor
CVE Published:
4 July 2026

What is CVE-2026-14649?

A SQL injection vulnerability has been identified in the saveVote.php file of the code-projects Online Voting System 1.0. The vulnerability resides in the test_input function, where a remote attacker can craft malicious inputs for the parameters voterName, voterEmail, voterID, or selectedCandidate. This manipulation can compromise the database by allowing unauthorized access to sensitive voter information and potentially lead to data leakage or other malicious actions.

Affected Version(s)

Online Voting System 1.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

c4ttr4ck (VulDB User)
.