Product
A critical unauthenticated SQL injection vulnerability (CVE-2026-14700) in the 'employer/login.php' endpoint of code-projects Internship Management System 1.0 allows remote attackers to manipulate 'email' or 'password' arguments, potentially leading to unauthorized access and data compromise, with public exploit disclosure increasing risk.