A vulnerability identified as critical has been detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection.

This vulnerability is identified as CVE-2026-14649. The attack can be initiated remotely. There is not any exploit available.