Product
A high-severity SQL injection vulnerability, identified as CVE-2026-14648, exists in the code-projects Online Voting System up to versions 0.x/1.0, allowing remote unauthenticated attackers to bypass authentication and execute arbitrary SQL commands by manipulating `adminUserName` or `adminPassword` parameters in the `/authentication.php` login component, with public exploit details increasing the risk of active exploitation.