CVE-2026-14700 in Internship Management Systeminfo

Summary

by MITRE • 07/05/2026

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/05/2026

The security vulnerability identified in code-projects Internship Management System 1.0 represents a critical sql injection flaw within the employer login endpoint functionality. This vulnerability exists in the employer/login.php file where user authentication credentials are processed through an unknown function that fails to properly sanitize input parameters. The specific attack vector involves manipulation of email and password arguments passed to the system, creating an opportunity for malicious actors to execute unauthorized database queries.

This sql injection vulnerability operates at the application layer and presents a severe risk to the system's data integrity and confidentiality. The flaw allows remote attackers to inject malicious sql commands through the authentication interface without requiring prior authentication or privileged access. The public disclosure of exploitation techniques significantly increases the threat surface as adversaries can readily leverage known attack patterns against vulnerable installations. The vulnerability specifically targets the Employer Login Endpoint component, which serves as a primary entry point for organizational users seeking access to internship management functionalities.

The operational impact of this vulnerability extends beyond simple data theft to encompass complete database compromise and potential system takeover. Attackers could extract sensitive information including user credentials, internship records, student data, and potentially administrative configurations through carefully crafted sql injection payloads. The remote exploitation capability means that attackers need not have physical access to the network or system infrastructure to exploit this weakness. This vulnerability aligns with CWE-89 which categorizes sql injection as a persistent security flaw in application code where user input is directly incorporated into sql queries without proper sanitization or parameterization.

The threat landscape for this vulnerability is particularly concerning given that exploitation techniques have been publicly disclosed and are readily available to malicious actors. This public availability of exploit code significantly reduces the barrier to entry for potential attackers and increases the probability of successful exploitation across multiple installations. The vulnerability affects the authentication mechanism specifically, potentially allowing unauthorized access to employer accounts and subsequent privileges within the internship management system. Security professionals should consider this issue in relation to ATT&CK technique T1190 which describes exploiting vulnerabilities in remote services.

Mitigation strategies for this sql injection vulnerability must include immediate implementation of parameterized queries or prepared statements throughout the application codebase, particularly in authentication functions. Input validation and sanitization mechanisms should be strengthened at all entry points where user data is processed, with special attention to credential handling components. The system should implement proper error handling that does not expose database structure information to end users, and access controls should be enforced through secure coding practices. Additionally, network-level protections such as web application firewalls and intrusion detection systems can provide additional layers of defense against sql injection attempts. Regular security assessments and code reviews focusing on input validation practices are essential for preventing similar vulnerabilities in future development cycles.

Responsible

VulDB

Disclosure

07/05/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00263

KEV

no

Activities

low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!