Product
A remote SQL injection vulnerability (CVE-2026-14649) exists in code-projects Online Voting System version 1.0, located in the 'test_input' function within the '/saveVote.php' file, allowing an unauthenticated attacker to execute arbitrary SQL queries by manipulating 'voterName', 'voterEmail', 'voterID', or 'selectedCandidate' arguments.