A vulnerability categorized as critical has been discovered in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection.

This vulnerability is registered as CVE-2026-14705. It is possible to launch the attack remotely. Furthermore, an exploit is available.