CVE-2026-2195
7.3 HIGH · Published 2026-02-09 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A SQL injection vulnerability in the Online Reviewer System 1.0 allows remote attackers to manipulate database queries. This is a serious flaw because it can be easily exploited over the network.
Who is affected
All users running the affected version of the system are at risk. An attacker could steal, modify, or delete sensitive data from the application's database.
Recommended fix
Immediately apply any official patch from the vendor. If none is available, implement strict input validation and parameterized queries for the `ID` parameter in the `/system/system/admins/assessments/pretest/questions-view.php` file.
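The following added example (not the vendor's code and not taken from the affected file) shows the two mitigations together: strict validation of `ID` followed by a bound integer parameter. The `questions` table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs on its own; it needs the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);

// Stand-in database: schema and rows are constructed for this example.
// The advisory does not show the application's real tables or columns.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE questions (id INTEGER PRIMARY KEY, test_id INTEGER, body TEXT)');
    $pdo->exec("INSERT INTO questions (test_id, body) VALUES (1, 'Q1'), (1, 'Q2'), (2, 'Q3')");
    return $pdo;
}

// Strict validation: a plain decimal string of 1 to 9 digits, nothing else.
// Arrays (ID[]=1), signs, whitespace and trailing text all return null.
function parse_id($raw): ?int
{
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// The value is bound as an integer parameter and never concatenated into SQL.
// With drivers that emulate prepares by default (pdo_mysql), also set
// PDO::ATTR_EMULATE_PREPARES to false on the connection.
function questions_for(PDO $pdo, $rawId): array
{
    $id = parse_id($rawId);
    if ($id === null) {
        throw new InvalidArgumentException('invalid ID');
    }
    $stmt = $pdo->prepare('SELECT id, body FROM questions WHERE test_id = :id ORDER BY id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for the request's ID parameter.
$pdo = demo_db();
foreach (['1', '2', '1 OR 1=1', '', ['1']] as $input) {
    try {
        $rows = questions_for($pdo, $input);
        printf("%s -> %d row(s)\n", json_encode($input), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected\n", json_encode($input));
    }
}
```

In a real handler the rejected branch would return an HTTP 400 and log the request, which also gives defenders a signal that the endpoint is being probed.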
Technical Description
A vulnerability has been found in code-projects Online Reviewer System 1.0. It affects unknown code in the file `/system/system/admins/assessments/pretest/questions-view.php`. Manipulation of the argument `ID` leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74