CVE Catalog

CVE-2026-14700

HighCVSS 7.3
Published: Translated: NVD NIST

Summary

A SQL injection vulnerability has been found in code-projects Internship Management System 1.0 in the employer/login.php file. Remote manipulation of the email/password arguments allows SQL injection. The exploit is publicly disclosed.

Risk Assessment

The risk includes unauthorized database access, data leakage, and potential system compromise. The public exploit increases the likelihood of attacks.

Recommendation

Immediately implement parameterized queries or prepared statements in employer/login.php. Also update the system to the latest patched version when available.

Original NVD description (English source)

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS