CVE Catalog

CVE-2026-14705

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile — higher than 18% of all known CVEs

Summary

A SQL injection vulnerability was found in Online Examination 1.0 in the head.php file via the uname/password arguments. The attack can be launched remotely and the exploit has been publicly disclosed.

Risk Assessment

The risk involves the possibility of remote unauthorized SQL queries, potentially leading to data leakage, modification, or deletion from the database.

Recommendation

Immediately update the system to the latest version or apply a security patch, and implement input validation and parameterized SQL queries.

Original NVD description (English source)

A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS