CVE-2026-2223
7.3 HIGH · Published 2026-02-09 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A SQL injection vulnerability in the Online Reviewer System 1.0 allows remote attackers to manipulate database queries. This is a serious flaw because it can be exploited easily over the network.
Who is affected
Anyone running the affected system is vulnerable. An attacker could steal, modify, or delete sensitive data from the application's database.
Recommended fix
Immediately apply any official patch from the vendor. If none is available, implement strict input validation and use parameterized queries in the affected `index.php` file that handles the `ID` parameter.
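One way to apply the validation and parameterized-query advice above, as an added example that is not the vendor's code or the application's own. The `pretest` table, its columns and the helper names are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+). Schema and function names are hypothetical.

/** Accept only a positive decimal integer; everything else is rejected. */
function parseId(mixed $raw): ?int
{
    if (!is_string($raw)) {               // e.g. ?ID[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one row with a bound parameter; the value never becomes SQL text. */
function findPretest(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM pretest WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);   // use real prepared statements
$db->exec('CREATE TABLE pretest (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pretest (id, title) VALUES (1, 'Sample pretest')");

// Constructed request values, as they might arrive in $_GET['ID'].
foreach (['1', '1abc', '', ['1'], '-5', '999'] as $raw) {
    $id = parseId($raw);
    if ($id === null) {
        // Fail closed: malformed input is refused before any query runs.
        echo json_encode($raw), " => 400 Bad Request\n";
        continue;
    }
    $row = findPretest($db, $id);
    echo json_encode($raw), ' => ', $row === null ? '404 Not Found' : json_encode($row), "\n";
}
```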
Technical Description
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The issue affects unspecified functionality in the file /system/system/students/assessments/pretest/take/index.php. Manipulating the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74