CVE-2026-2196
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
Analysis
SQL injection in code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the test_id parameter in the exam-update.php endpoint, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate affected systems from production or restrict network access to the /system/system/admins/assessments/pretest/exam-update.php endpoint. Within 7 days: Deploy Web Application Firewall rules to block malicious payloads targeting this endpoint, implement enhanced logging/monitoring, and conduct a security assessment of the Online Reviewer System for unauthorized access. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today