CVE Catalog

CVE-2026-14648

HighCVSS 7.3
Published: Translated: NVD NIST

Summary

A SQL injection vulnerability has been found in the Online Voting System up to version 1.0 in the test_input function of /authentication.php (Login component). Manipulation of adminUserName/adminPassword arguments allows remote SQL injection. The exploit has been publicly disclosed.

Risk Assessment

An attacker can gain unauthorized access to the database, steal or modify user and vote data, compromising the integrity of the voting system.

Recommendation

Immediately update the system to the latest version or apply a security patch that sanitizes input in the test_input function. Until then, restrict access to /authentication.php.

Original NVD description (English source)

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS