Description
A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Problem types
Product status
Timeline
| 2026-07-04: | Advisory disclosed |
| 2026-07-04: | VulDB entry created |
| 2026-07-04: | VulDB entry last update |
Credits
SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (VulDB User)
References
vuldb.com/submit/846890
vuldb.com/vuln/376297 (VDB-376297 | code-projects Internship Management System Password Change Endpoint change_password.php sql injection)
vuldb.com/vuln/376297/cti (VDB-376297 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14701 (CVE-2026-14701 | CVE Analysis and Report)
vuldb.com/submit/846890 (Submit #846890 | Internship Portal file `employer/details/change_password.php` contains a Time-Based Blind SQL Injection vulnerability v1.0 SQL Injection)
github.com/zzzxc643/CVE1/blob/main/assessment/vul8.md
code-projects.org/