CVE-2026-2221
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Analysis
SQL injection in the login component of code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, which affects PHP-based installations of the Online Reviewer System. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: isolate affected Online Reviewer System instances from production environments or restrict network access to authorized users only; inventory all deployments of version 1.0. Within 7 days: implement Web Application Firewall rules to monitor and block suspicious login attempts; enable enhanced logging on authentication functions; conduct security assessment of login functionality. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today