Back to VulnFeed / CVE-2026-14657
root@hackertop:~/vulnfeed/CVE-2026-14657#
CVE-2026-14657 MEDIUM SQLi/Injection ⚠ Unpatched · Zero-day◉ PoC 公开 Lifecycle 4/7

code-projects Assessment Management 1.0 Database Query marking-scheme.php squestions[] sql injection

Assessment Management 1.0 1d ago Impact pending confirmation
LIFECYCLE
5.7 CVSS
Vulnerability Detail Mitigation Lifecycle CVSS Assessment
Vulnerability Description
A vulnerability was found in code-projects Assessment Management 1.0 (Project Management Software). It has been rated as critical. Affected by this issue is some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Root Cause Analysis
The manipulation of the argument squestions[] with an unknown input leads to a unknown weakness. Using CWE to declare the problem leads to CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Impact: Impacted is confidentiality, integrity, and availability.

Exploit: The exploit is available at github.com. It is declared as proof-of-concept. By approaching the search of inurl:lecturer/marking-scheme.php it is possible to find vulnerable targets with Google Hacking.

Countermeasure: There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

Contribute Your PoC/EXP
Log in to contribute PoC/EXP content. Log in
Back to VulnFeed
CVE-2026-14657 · CVSS 5.7 · Active Threat