Skip to main content

Internship Management System

2 CVEs product

Monthly

CVE-2026-14701 LOW POC Monitor

SQL injection in code-projects Internship Management System 1.0 exposes authenticated employer accounts to database query manipulation via the `Current` parameter in the password change endpoint (`employer/details/change_password.php`). The flaw carries a CVSS 4.0 score of 5.3, is rooted in unsanitized PHP input passed directly into SQL queries (CWE-89), and has a publicly available proof-of-concept exploit on GitHub. No public exploit identified as confirmed in CISA KEV, but the combination of low attack complexity and public PoC meaningfully raises real-world exploitation likelihood against any internet-exposed deployment.

SQLi PHP Internship Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-14700 MEDIUM POC This Month

SQL injection in code-projects Internship Management System 1.0 permits unauthenticated remote attackers to manipulate the email and password parameters of employer/login.php, altering backend SQL query logic to bypass authentication or partially expose database contents. A proof-of-concept exploit has been publicly disclosed on GitHub, materially lowering the skill threshold for exploitation. The CVSS 4.0 score of 6.9 with PR:N and no attack complexity reflects straightforward unauthenticated access, though impact is bounded at Low across confidentiality, integrity, and availability - suggesting partial rather than full database compromise.

SQLi PHP Internship Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in code-projects Internship Management System 1.0 exposes authenticated employer accounts to database query manipulation via the `Current` parameter in the password change endpoint (`employer/details/change_password.php`). The flaw carries a CVSS 4.0 score of 5.3, is rooted in unsanitized PHP input passed directly into SQL queries (CWE-89), and has a publicly available proof-of-concept exploit on GitHub. No public exploit identified as confirmed in CISA KEV, but the combination of low attack complexity and public PoC meaningfully raises real-world exploitation likelihood against any internet-exposed deployment.

SQLi PHP Internship Management System
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in code-projects Internship Management System 1.0 permits unauthenticated remote attackers to manipulate the email and password parameters of employer/login.php, altering backend SQL query logic to bypass authentication or partially expose database contents. A proof-of-concept exploit has been publicly disclosed on GitHub, materially lowering the skill threshold for exploitation. The CVSS 4.0 score of 6.9 with PR:N and no attack complexity reflects straightforward unauthenticated access, though impact is bounded at Low across confidentiality, integrity, and availability - suggesting partial rather than full database compromise.

SQLi PHP Internship Management System
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy