Product
A critical remote SQL injection vulnerability (CVE-2026-14705) exists in code-projects Online Examination 1.0, specifically within the `head.php` file, where manipulation of the `uname` or `password` arguments can lead to arbitrary SQL command execution, which has been publicly disclosed and can be exploited by an unauthenticated attacker.