Skip to content
Threat Feed
high advisory

CVE-2026-14660: SQL Injection in code-projects Online Job Portal 1.0

A critical SQL injection vulnerability (CVE-2026-14660) exists in code-projects Online Job Portal version 1.0, specifically within the 'login.php' file, allowing remote attackers to bypass authentication or exfiltrate data by manipulating 'txtUser' and 'txtPass' arguments, with a public exploit increasing immediate risk.

A significant SQL injection vulnerability, tracked as CVE-2026-14660, has been identified in version 1.0 of the code-projects Online Job Portal. This flaw resides within the login.php file, where improper neutralization of special elements in the txtUser and txtPass arguments allows for SQL injection. Attackers can remotely exploit this weakness without authentication, manipulating the database queries to bypass login mechanisms or extract sensitive information. The vulnerability has been publicly disclosed, including the availability of exploit code, which significantly elevates the immediate threat level. Organizations using this specific version of the Online Job Portal are at high risk of unauthorized access, data compromise, and potential system manipulation if exposed to the internet.

Attack Chain

  1. Initial Reconnaissance: An attacker identifies an instance of code-projects Online Job Portal 1.0 exposed on the internet.
  2. Vulnerability Identification: The attacker determines that the login.php endpoint is vulnerable to SQL injection through its txtUser and txtPass parameters.
  3. Craft Malicious Request: The attacker crafts an HTTP POST request targeting login.php, embedding SQL injection payloads (e.g., ' OR '1'='1) into the txtUser and/or txtPass fields.
  4. Injection Execution: The vulnerable login.php script processes the unvalidated input, inadvertently executing the malicious SQL query against the underlying database.
  5. Authentication Bypass/Information Disclosure: The malicious query either bypasses the authentication logic, granting the attacker unauthorized access, or extracts sensitive database content (e.g., user credentials, personal data).
  6. Post-Exploitation Activity: With unauthorized access, the attacker can then modify existing data, inject new data, or continue to exfiltrate further sensitive information from the database, potentially leading to complete data compromise.

Impact

Successful exploitation of CVE-2026-14660 can lead to severe consequences for organizations utilizing the affected Online Job Portal. Attackers can achieve unauthorized access to the application, potentially gaining administrative privileges, which allows for complete control over user accounts, job postings, and applicant data. This could result in the theft of sensitive personal identifiable information (PII), intellectual property, or confidential business data. The public availability of an exploit increases the likelihood of widespread exploitation by various threat actors, potentially affecting a broad range of small to medium-sized organizations using this specific project. Data manipulation could also lead to data integrity issues or service disruption.

Recommendation

  • Patch CVE-2026-14660 immediately by upgrading code-projects Online Job Portal to a patched version or applying vendor-supplied mitigations, as highlighted in the NVD entry and VulDB references.
  • Deploy the provided Sigma rule to your SIEM to detect attempts at SQL injection against your web applications.
  • Review web server logs for suspicious requests targeting login.php with SQL injection payloads, correlating with the patterns described in the detection rule.
  • Implement a Web Application Firewall (WAF) in front of your Online Job Portal to filter and block malicious SQL injection attempts before they reach the application.

Detection coverage 1

Detects CVE-2026-14660 Exploitation - SQL Injection in Online Job Portal

high

Detects CVE-2026-14660 exploitation — HTTP POST requests to '/login.php' containing common SQL injection patterns in the 'txtUser' or 'txtPass' query parameters.

sigma tactics: initial_access techniques: T1190, T1505 sources: webserver

Detection queries are available on the platform. Get full rules →

Indicators of compromise

3

domain

2

url

TypeValue
urlhttps://code-projects.org/
urlhttps://github.com/aiyuyuyu/cve/blob/main/job_portal_sql.md
domaincode-projects.org
domaingithub.com
domainvuldb.com