Online Reviewer System 1.0: SQL Injection via Test ID Input
CVE-2026-2912
Summary
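Code-projects Online Reviewer System 1.0 has a SQL injection flaw: the test_id argument handled by /system/system/students/assessments/results/studentresult-view.php can be manipulated to alter the application's database queries, and the attack can be launched remotely. If exploited, this could lead to unauthorized access to sensitive information. To protect your data, update to a fixed version of the software as soon as one is available.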
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| fabian | online_reviewer_system | 1.0 | – |
Original title
A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulati...
Original description
A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
| Source | CVSS version | Score |
|---|---|---|
| NVD | 2.0 | 7.5 |
| NVD | 3.1 | 9.8 |
| NVD | 4.0 | 6.9 |
Vulnerability type
- CWE-74: Injection
- CWE-89: SQL Injection
References
- https://code-projects.org/ (Product)
- https://github.com/tiancesec/CVE/issues/25 (Exploit, Issue Tracking)
- https://vuldb.com/?ctiid.347221 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.347221 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.755219 (Third Party Advisory, VDB Entry)
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026