Description
A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Problem types
Product status
Timeline
| 2026-07-04: | Advisory disclosed |
| 2026-07-04: | VulDB entry created |
| 2026-07-04: | VulDB entry last update |
Credits
SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (VulDB User)
References
vuldb.com/vuln/376302 (VDB-376302 | code-projects Online Examination Quiz Creation Feature update.php sql injection)
vuldb.com/vuln/376302/cti (VDB-376302 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14706 (CVE-2026-14706 | CVE Analysis and Report)
vuldb.com/submit/847386 (Submit #847386 | SQL Injection Vulnerability in `update.php` of the Online Examination System v1.0 SQL Injection)
github.com/zzzxc643/CVE1/blob/main/project1/vul3.md
code-projects.org/