SQL Injection Vulnerability in Code-Projects Online Reviewer System by Code-Projects
CVE-2026-2223
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 9 February 2026
Badges
What is CVE-2026-2223?
A security vulnerability has been identified within the Online Reviewer System version 1.0 by Code-Projects. This issue is associated with a particular functionality in the file located at /system/system/students/assessments/pretest/take/index.php. An unvalidated manipulation of the argument ID could allow an attacker to execute SQL injection attacks. Such attacks can potentially be initiated remotely, posing a significant risk to the application's integrity and the confidentiality of its data. Since the details of this vulnerability have been disclosed publicly, it is critical for users to review their security measures and apply necessary patches to safeguard against possible exploits.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Online Reviewer System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved