A vulnerability categorized as critical has been discovered in code-projects Online Voting System up to 0.x/1.0. This issue affects the function
test_input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection.
This vulnerability is referenced as CVE-2026-14648. It is possible to launch the attack remotely. Furthermore, an exploit is available.