<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Online Examination 1.0 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/online-examination-1.0/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sun, 05 Jul 2026 06:25:32 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/online-examination-1.0/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-14705: SQL Injection in code-projects Online Examination 1.0</title><link>https://feed.craftedsignal.io/briefs/2026-07-code-projects-sql-injection/</link><pubDate>Sun, 05 Jul 2026 06:25:32 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-code-projects-sql-injection/</guid><description>A critical remote SQL injection vulnerability (CVE-2026-14705) exists in code-projects Online Examination 1.0, specifically within the `head.php` file, where manipulation of the `uname` or `password` arguments can lead to arbitrary SQL command execution, which has been publicly disclosed and can be exploited by an unauthenticated attacker.</description><content:encoded><![CDATA[<p>A remote SQL injection vulnerability, identified as CVE-2026-14705, has been discovered in version 1.0 of the code-projects Online Examination web application. This flaw resides within the <code>head.php</code> component, where insufficient sanitization of the <code>uname</code> (username) and <code>password</code> arguments allows an attacker to inject arbitrary SQL commands. This can lead to unauthorized data access, modification, or potential control over the database, thereby compromising the integrity and confidentiality of the examination system. The vulnerability is network-exploitable and does not require authentication, making it a significant risk. The exploit for this vulnerability has been publicly disclosed, increasing the likelihood of its utilization by malicious actors, and necessitating immediate attention from organizations running this specific software version.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker identifies a publicly accessible instance of <code>code-projects Online Examination 1.0</code>.</li>
<li>The attacker crafts a malicious HTTP request (GET or POST) targeting the <code>head.php</code> endpoint of the application.</li>
<li>Within the HTTP request, the attacker injects SQL metacharacters and commands into the <code>uname</code> or <code>password</code> parameters.</li>
<li>The vulnerable <code>head.php</code> script processes the request without adequately sanitizing the input fields.</li>
<li>The backend database executes the attacker's injected SQL commands, often leading to authentication bypass, data exfiltration, or further database manipulation.</li>
<li>The attacker gains unauthorized access to the application's functionality, database records, or potentially elevates privileges within the database context.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-14705 could lead to severe consequences for organizations using code-projects Online Examination 1.0. Attackers can bypass authentication mechanisms, access sensitive student or exam data (e.g., personally identifiable information, test scores, questions), and potentially alter or delete critical database records. This could result in data breaches, academic fraud, reputational damage, and regulatory non-compliance. Given the public disclosure of the exploit, any internet-facing instance of the affected application is at immediate risk of exploitation, potentially affecting an unknown number of educational institutions or businesses using this platform.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately remove <code>code-projects Online Examination 1.0</code> from production environments or apply vendor-provided patches as soon as they become available to mitigate CVE-2026-14705.</li>
<li>Implement strong input validation and parameterized queries for all user-supplied input, especially for the <code>uname</code> and <code>password</code> fields, to prevent SQL injection attacks.</li>
<li>Deploy a Web Application Firewall (WAF) in front of web applications to detect and block malicious requests attempting to exploit CVE-2026-14705, specifically looking for SQL injection payloads.</li>
<li>Deploy the Sigma rule provided in this brief to your SIEM solution to detect attempted exploitation of this vulnerability.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>sql-injection</category><category>web-application</category><category>cve</category><category>initial-access</category></item></channel></rss>