CVE-2026-14648
HighCVSS 7.3Summary
A SQL injection vulnerability has been found in the Online Voting System up to version 1.0 in the test_input function of /authentication.php (Login component). Manipulation of adminUserName/adminPassword arguments allows remote SQL injection. The exploit has been publicly disclosed.
Risk Assessment
An attacker can gain unauthorized access to the database, steal or modify user and vote data, compromising the integrity of the voting system.
Recommendation
Immediately update the system to the latest version or apply a security patch that sanitizes input in the test_input function. Until then, restrict access to /authentication.php.
Original NVD description (English source)
A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

