SQL Injection Vulnerability in Internship Management System by Code-Projects
CVE-2026-14700
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14700?
A security vulnerability has been found in the Internship Management System version 1.0, specifically within the employer login endpoint located in the file employer/login.php. This vulnerability arises from improper handling of user input for the email and password arguments, allowing for SQL injection attacks. This issue enables attackers to manipulate SQL queries, potentially compromising sensitive data. The vulnerability is publicly documented, and remote exploitation is possible, which emphasizes the need for immediate action to update and secure affected systems.
Affected Version(s)
Internship Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
