CVE-2026-2195
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Analysis
SQL injection in code-projects Online Reviewer System 1.0 via the ID parameter in the questions-view.php file allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at active risk.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate affected systems from production if possible; notify stakeholders and document current usage. Within 7 days: Implement network-level access controls restricting /system/system/admins/assessments/pretest/questions-view.php to authorized IPs; deploy WAF rules to block malicious payloads; enable enhanced logging on the application. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today