Description
A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely.
Problem types
Product status
Timeline
| 2026-07-03: | Advisory disclosed |
| 2026-07-03: | VulDB entry created |
| 2026-07-03: | VulDB entry last update |
Credits
c4ttr4ck (VulDB User)
References
gist.github.com/c4ttr4ck/a29b2238099fa07b4f072c21123b55ef
vuldb.com/vuln/376162 (VDB-376162 | code-projects Online Voting System saveVote.php test_input sql injection)
vuldb.com/vuln/376162/cti (VDB-376162 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14649 (CVE-2026-14649 | CVE Analysis and Report)
vuldb.com/submit/846330 (Submit #846330 | code-projects Online Voting System in PHP 1.0 SQL Injection)
gist.github.com/c4ttr4ck/a29b2238099fa07b4f072c21123b55ef
code-projects.org/