CVE-2026-14658 · MEDIUM · SQLi/Injection · Unpatched · Zero-day · PoC public · Lifecycle 4/7

code-projects Assessment Management 1.0 marking-scheme.php smarksrange[] SQL injection

Assessment Management 1.0 · 1d ago · Impact pending confirmation
5.7 CVSS
Vulnerability Description
A vulnerability was found in code-projects Assessment Management 1.0 (Project Management Software). It has been declared as critical. The vulnerability affects an unknown code block in the file /lecturer/marking-scheme.php. No countermeasures are known. Replacing the affected product with an alternative may be advisable.
Root Cause Analysis
Manipulating the argument smarksrange[] with an unknown input leads to an unknown weakness. The CWE definition for the vulnerability is CWE-89: the product constructs all or part of an SQL command using externally influenced input from an upstream component, but it does not neutralize, or incorrectly neutralizes, special elements that could modify the intended SQL command when it is sent to a downstream component.

Impact: The vulnerability is known to affect confidentiality, integrity, and availability.

Exploit: The exploit can be downloaded at github.com. It is declared as proof-of-concept. Searching for inurl:lecturer/marking-scheme.php makes it possible to find vulnerable targets with Google Hacking.

Countermeasure: No countermeasures are known. Replacing the affected product with an alternative may be advisable.
CVE-2026-14658 · CVSS 5.7 · Active Threat