CVE-2026-14701 PUBLISHED

code-projects Internship Management System Password Change Endpoint change_password.php sql injection

Assigner: VulDB
Reserved: 04.07.2026 Published: 05.07.2026 Updated: 05.07.2026

A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 5.3

Product Status

Vendor code-projects
Product Internship Management System
Versions
  • Version 1.0 is affected

Credits

  • SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (VulDB User) reporter

References

Problem Types

  • SQL Injection CWE
  • Injection CWE