PT-2026-7073 · Unknown · Code-Projects Online Reviewer System

Shu For Security · Published 2026-02-09 · Updated 2026-02-10 · CVE-2026-2220

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

code-projects Online Reviewer System version 1.0

Description

A flaw exists in code-projects Online Reviewer System that allows for SQL injection. This occurs due to manipulation of the difficulty id argument within an unknown function of the file '/system/system/admins/assessments/pretest/btn functions.php'. The attack can be carried out remotely.

Recommendations

Apply a fix to the vulnerable file '/system/system/admins/assessments/pretest/btn functions.php' to sanitize the difficulty id argument and prevent SQL injection.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2026-2220

Affected Products

Code-Projects Online Reviewer System