Medium severity6.3NVD Advisory· Published May 9, 2023· Updated Apr 14, 2026

CVE-2023-2596

Description

A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228398 is the identifier assigned to this vulnerability.

Affected products

Janobe/Online Reviewer System
cpe:2.3:a:janobe:online_reviewer_system:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/rick13795/bug_report/blob/main/SQLi-1.mdnvdExploitThird Party Advisory
vuldb.comnvdPermissions RequiredThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000