VYPR

Online Reviewer System

by Fabian

CVEs (12)

  • CVE-2026-2912HigFeb 22, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the…

  • CVE-2026-2223HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is…

  • CVE-2026-2221HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried…

  • CVE-2026-2220HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection. The attack can be…

  • CVE-2026-2199HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack…

  • CVE-2026-2198HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to…

  • CVE-2026-2197HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possible to initiate the…

  • CVE-2026-2196HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed…

  • CVE-2026-2195HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be…

  • CVE-2026-2166HigFeb 8, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is…

  • CVE-2026-2224LowFeb 9, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the…

  • CVE-2026-2222LowFeb 9, 2026
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site…