Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-14705— code-projects Online Examination head.php sql injection

CVSS 7.3 · High EPSS 0.26% · P18

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 1

VendorProductVersion RangeStatus
code-projectsOnline Examination1.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-14705

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
code-projects Online Examination head.php sql injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
code-projectsOnline Examination 1.0 cpe:2.3:a:code-projects:online_examination:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-14705

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-14705

登录查看更多情报信息。

Proof of Concept for CVE-2026-14705 (1)

Same Patch Batch · code-projects · 2026-07-05 · 18 CVEs total

CVE-2026-147477.3 HIGHcode-projects Real State Services addprojectsale.php sql injection
CVE-2026-147007.3 HIGHcode-projects Internship Management System Employer Login Endpoint login.php sql injection
CVE-2026-147357.3 HIGHcode-projects Smart Parking System parkings.php sql injection
CVE-2026-147437.3 HIGHcode-projects Real State Services normalHomeSale.php sql injection
CVE-2026-147447.3 HIGHcode-projects Real State Services normalHomeRent.php sql injection
CVE-2026-147457.3 HIGHcode-projects Real State Services single-list_rent.php sql injection
CVE-2026-147467.3 HIGHcode-projects Real State Services addprojectrent.php sql injection
CVE-2026-147697.3 HIGHcode-projects Real State Services pay.php sql injection
CVE-2026-147547.3 HIGHcode-projects Hotel and Tourism Reservation add_room.php sql injection
CVE-2026-147557.3 HIGHcode-projects Hotel and Tourism Reservation Reservations Management reservations.php sql i
CVE-2026-147567.3 HIGHcode-projects Hotel and Tourism Reservation Tour Management add_tour.php sql injection
CVE-2026-147627.3 HIGHcode-projects Hotel and Tourism Reservation Room Management rooms.php sql injection
CVE-2026-147637.3 HIGHcode-projects Hotel and Tourism Reservation Tour Reservations tour_reserves.php sql inject
CVE-2026-147647.3 HIGHcode-projects Hotel and Tourism Reservation Event Management add_event.php sql injection
CVE-2026-147687.3 HIGHcode-projects Real State Services builderHome.php sql injection
CVE-2026-147066.3 MEDIUMcode-projects Online Examination Quiz Creation Feature update.php sql injection
CVE-2026-147016.3 MEDIUMcode-projects Internship Management System Password Change Endpoint change_password.php sq

IV. Related Vulnerabilities

V. Comments for CVE-2026-14705

No comments yet


Leave a comment