PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-14649 Code-Projects CVE debrief

A SQL injection vulnerability was detected in Code-Projects Online Voting System 1.0. The impacted function is test_input in the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in SQL injection. The attack can be initiated remotely. This vulnerability has a CVSS score of 6.9 and a severity of MEDIUM.

Vendor
Code-Projects
Product
Online Voting System 1.0
CVSS
MEDIUM 6.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-04
Original CVE updated
2026-07-04
Advisory published
2026-07-04
Advisory updated
2026-07-04

Who should care

Security teams and administrators responsible for Code-Projects Online Voting System 1.0 should prioritize patching this vulnerability to prevent potential SQL injection attacks. Additionally, developers and security researchers interested in web application security and SQL injection vulnerabilities should take note of this CVE.

Technical summary

The vulnerability is caused by improper input validation in the /saveVote.php file, specifically in the test_input function. An attacker can exploit this vulnerability by manipulating the voterName, voterEmail, voterID, and selectedCandidate arguments, allowing for SQL injection attacks. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

Patching this vulnerability is of medium priority due to its CVSS score of 6.9 and potential for remote exploitation. Security teams should prioritize patching this vulnerability to prevent potential SQL injection attacks.

Recommended defensive actions

  • Patch the vulnerability by applying the latest security updates to Code-Projects Online Voting System 1.0.
  • Conduct a thorough review of the /saveVote.php file and test_input function to ensure proper input validation and sanitization.
  • Implement additional security measures, such as web application firewalls and intrusion detection systems, to detect and prevent SQL injection attacks.
  • Perform regular security audits and vulnerability assessments to identify and address potential security issues.
  • Consider implementing a bug bounty program to encourage responsible disclosure of vulnerabilities.

Evidence notes

The CVE-2026-14649 vulnerability was detected in Code-Projects Online Voting System 1.0. The vulnerability is caused by improper input validation in the /saveVote.php file, specifically in the test_input function. The CVSS score for this vulnerability is 6.9, and the severity is MEDIUM. The attack can be initiated remotely.

Official resources

This article is AI-assisted and based on the supplied source corpus.