Shu For Security

**Name of the Vulnerable Software and Affected Versions** code-projects Online Reviewer System version 1.0 **Description** A flaw exists in code-projects Online Reviewer System 1.0 where manipulation of the `test id` argument in the processing of the file '/system/system/admins/assessments/pretest/exam-update.php' leads to a SQL injection. This issue can be exploited remotely. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Reviewer System version 1.0 **Description** A flaw exists in code-projects Online Reviewer System that allows for SQL injection. This occurs due to manipulation of the `difficulty id` argument within an unknown function of the file '/system/system/admins/assessments/pretest/btn functions.php'. The attack can be carried out remotely. **Recommendations** Apply a fix to the vulnerable file '/system/system/admins/assessments/pretest/btn functions.php' to sanitize the `difficulty id` argument and prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Reviewer System version 1.0 **Description** A security issue exists in code-projects Online Reviewer System 1.0. A manipulation of the `firstname` argument within the file '/system/system/admins/manage/users/btn functions.php' can lead to cross site scripting. This attack can be performed remotely. The exploit is publicly available. **Recommendations** Address the manipulation of the `firstname` argument in the file '/system/system/admins/manage/users/btn functions.php' to prevent cross site scripting.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Reviewer System version 1.0 **Description** A flaw exists in code-projects Online Reviewer System 1.0 where manipulation of the `ID` argument in the file /system/system/admins/assessments/pretest/questions-view.php can lead to SQL injection. This issue is remotely exploitable. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.