CVE-2026-14649
High, CVSS 7.3
Summary
A SQL injection vulnerability was found in Online Voting System 1.0 in the /saveVote.php file. The test_input function fails to sanitize the voterName, voterEmail, voterID, and selectedCandidate arguments, allowing remote exploitation.
Risk Assessment
An attacker can remotely manipulate SQL queries, potentially leading to unauthorized database access, data leakage, or data modification.
Recommendation
Immediately update the system to the latest version or apply a patch that prevents SQL injection, such as using prepared statements or input validation.
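The recommended fix in practice, as an added example that is not the project's own code: a vote-saving handler that validates the four affected parameters and writes them with a mysqli prepared statement. The table and column names, the format rules (numeric IDs, length limits) and the connection settings are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Validate the four request fields named in the advisory. Returns the cleaned
// values, or null if any field is missing or fails its (assumed) format rule.
function validate_vote(array $in): ?array
{
    foreach (['voterName', 'voterEmail', 'voterID', 'selectedCandidate'] as $key) {
        // Reject missing fields and array-valued parameters (e.g. voterID[]=1).
        if (!isset($in[$key]) || !is_string($in[$key])) {
            return null;
        }
    }
    $name  = trim($in['voterName']);
    $email = filter_var($in['voterEmail'], FILTER_VALIDATE_EMAIL);
    if ($name === '' || strlen($name) > 100 || $email === false) {
        return null;
    }
    // Assumption: both identifiers are positive integers of at most 9 digits.
    foreach ([$in['voterID'], $in['selectedCandidate']] as $id) {
        if (!ctype_digit($id) || strlen($id) > 9) {
            return null;
        }
    }
    return [$name, $email, (int)$in['voterID'], (int)$in['selectedCandidate']];
}

// Store the vote with a prepared statement: the values travel as bound
// parameters and are never concatenated into the SQL text.
function save_vote(mysqli $db, array $in): bool
{
    $vote = validate_vote($in);
    if ($vote === null) {
        return false;
    }
    [$name, $email, $voterId, $candidateId] = $vote;
    $stmt = $db->prepare(
        'INSERT INTO votes (voter_name, voter_email, voter_id, candidate_id)
         VALUES (?, ?, ?, ?)'   // hypothetical schema
    );
    $stmt->bind_param('ssii', $name, $email, $voterId, $candidateId);
    return $stmt->execute();
}

// Make mysqli throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// Placeholder connection settings; the password comes from the environment.
$db = new mysqli('localhost', 'vote_app', getenv('DB_PASS') ?: '', 'voting');
http_response_code(save_vote($db, $_POST) ? 200 : 400);
```

Validation narrows what the application accepts, but the bound parameters are what remove the injection path, so the prepared statement stays even where validation is strict.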
Original NVD description (English source)
A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely.

