Online Reviewer System

10 CVEs product

CVE-2026-2912 HIGH POC This Week

SQL injection in Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the test_id parameter in the student results view functionality, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2223 HIGH POC This Week

SQL injection in code-projects Online Reviewer System 1.0 via the ID parameter in the assessment module allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2221 HIGH POC This Week

SQL injection in the login component of code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, which affects PHP-based installations of the Online Reviewer System. An attacker can exploit this to extract sensitive data, modify database contents, or potentially gain unauthorized system access.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2220 HIGH POC This Week

SQL injection in code-projects Online Reviewer System 1.0 via the difficulty_id parameter in /system/system/admins/assessments/pretest/btn_functions.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2199 HIGH POC This Week

SQL injection in code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in the user deletion function, potentially leading to unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations vulnerable to active exploitation.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2198 HIGH POC This Week

SQL injection in code-projects Online Reviewer System 1.0 via the difficulty_id parameter in /system/system/admins/assessments/pretest/loaddata.php allows remote attackers to execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could result in unauthorized data access, modification, or deletion within the application database.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2197 HIGH POC This Week

SQL injection in code-projects Online Reviewer System 1.0 allows remote attackers to manipulate the test_id parameter in the exam-delete.php file, enabling unauthorized database access and modification without authentication. The vulnerability has public exploit code available and currently lacks a patch, posing an immediate risk to unpatched installations. Affected organizations using this system should prioritize mitigation strategies while awaiting official remediation.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2196 HIGH POC This Week

SQL injection in code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the test_id parameter in the exam-update.php endpoint, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2195 HIGH POC This Week

SQL injection in code-projects Online Reviewer System 1.0 via the ID parameter in the questions-view.php file allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at active risk.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
CVE-2026-2166 HIGH POC This Week

SQL injection in the Online Reviewer System 1.0 login function allows unauthenticated remote attackers to manipulate username and password parameters, potentially enabling unauthorized database access and data modification. With public exploit code available and no patch released, this vulnerability poses an immediate risk to deployed instances.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%
