CVE Catalog

CVE-2026-14649

High (CVSS 7.3)

Summary

A SQL injection vulnerability was found in Online Voting System 1.0 in the /saveVote.php file. The test_input function fails to sanitize the voterName, voterEmail, voterID, and selectedCandidate arguments, allowing remote exploitation.

Risk Assessment

An attacker can remotely manipulate SQL queries, potentially leading to unauthorized database access, data leakage, or data modification.

Recommendation

Immediately update the system to the latest version or apply a patch that prevents SQL injection, such as using prepared statements or input validation.
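
The prepared-statement and input-validation approach recommended above, as an added PHP example that is not code from Online Voting System or from NVD. The `votes` table, its column names, the `saveVote()` helper, and the assumption that voterID and selectedCandidate are integers are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration; schema, column names and saveVote() are assumptions,
// not taken from the project's /saveVote.php.
function saveVote(PDO $db, array $in): int
{
    // Input validation: reject values that do not have the expected shape.
    $name      = trim((string)($in['voterName'] ?? ''));
    $email     = filter_var($in['voterEmail'] ?? '', FILTER_VALIDATE_EMAIL);
    $positive  = ['options' => ['min_range' => 1]];
    $voterId   = filter_var($in['voterID'] ?? '', FILTER_VALIDATE_INT, $positive);
    $candidate = filter_var($in['selectedCandidate'] ?? '', FILTER_VALIDATE_INT, $positive);
    if ($name === '' || strlen($name) > 100 || $email === false
        || $voterId === false || $candidate === false) {
        throw new InvalidArgumentException('Invalid vote submission');
    }

    // Prepared statement: the SQL text is fixed, and the four values travel
    // as bound parameters, so they are never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO votes (voter_name, voter_email, voter_id, candidate_id)
         VALUES (:name, :email, :voter_id, :candidate)'
    );
    $stmt->execute([
        ':name' => $name, ':email' => $email,
        ':voter_id' => $voterId, ':candidate' => $candidate,
    ]);
    return (int)$db->lastInsertId();
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (id INTEGER PRIMARY KEY, voter_name TEXT,
           voter_email TEXT, voter_id INTEGER, candidate_id INTEGER)');

// A name containing a quote is stored as data, unchanged.
$id = saveVote($db, ['voterName' => "Pat O'Brien", 'voterEmail' => 'pat@example.org',
                     'voterID' => '1042', 'selectedCandidate' => '3']);
$check = $db->prepare('SELECT voter_name FROM votes WHERE id = ?');
$check->execute([$id]);
echo $check->fetchColumn(), PHP_EOL;

// A non-numeric candidate value is rejected before any query runs.
try {
    saveVote($db, ['voterName' => 'Pat', 'voterEmail' => 'pat@example.org',
                   'voterID' => '1042', 'selectedCandidate' => 'three']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

When the backing database is MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that parameter binding is performed by the server rather than emulated by the driver.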

Original NVD description (English source)

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS