PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-14658 code-projects CVE debrief

CVE-2026-14658 is a SQL injection vulnerability detected in Assessment Management 1.0. The vulnerability affects an unknown code section of the /lecturer/marking-scheme.php file. The manipulation of the smarksrange[] argument results in SQL injection. The attack can be launched remotely, and the exploit is now public. The CVSS score for this vulnerability is 2.1, indicating a low severity. The CVE was published on July 4, 2026, and has not been modified since then.

Vendor
code-projects
Product
Assessment Management
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-04
Original CVE updated
2026-07-04
Advisory published
2026-07-04
Advisory updated
2026-07-04

Who should care

Defenders of Assessment Management 1.0 should prioritize patching this vulnerability to prevent potential SQL injection attacks. Given the low CVSS score, it may not be a high priority, but it should still be addressed in a timely manner. The vulnerability's remote exploitability and public exploit availability increase its risk.

Technical summary

The CVE-2026-14658 vulnerability is a SQL injection issue in Assessment Management 1.0. It affects the /lecturer/marking-scheme.php file, specifically through manipulation of the smarksrange[] argument. The vulnerability has a CVSS score of 2.1 and a low severity rating. The attack vector is network-based, and the exploit is publicly available. The vulnerability was reported by an unknown vendor and has been categorized under CWE-74 and CWE-89.

Defensive priority

The defensive priority for CVE-2026-14658 is moderate. Although the CVSS score is low, the remote exploitability and public availability of the exploit increase the risk. Defenders should prioritize patching this vulnerability, especially if Assessment Management 1.0 is used in a network-exposed environment.

Recommended defensive actions

  • Patch the vulnerable Assessment Management 1.0 system
  • Implement additional monitoring for SQL injection attempts
  • Review and update the system's input validation and sanitization
  • Consider compensating controls, such as web application firewalls
  • Verify the system's inventory and track exceptions

Evidence notes

The evidence for CVE-2026-14658 comes from the NVD and CVE.org. The vulnerability was reported by an unknown vendor and has been categorized under CWE-74 and CWE-89. The CVSS score is 2.1, indicating a low severity. The exploit is publicly available, and the attack can be launched remotely.

Official resources

This article is AI-assisted and based on the supplied source corpus.