Online Reviewer System
by Janobe
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41646 | Cri | 0.64 | 9.8 | 0.07 | Oct 29, 2021 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. | ||
| CVE-2021-27130 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2021 | Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. | ||
| CVE-2026-2912 | Hig | 0.47 | 7.3 | 0.00 | Feb 22, 2026 | A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the… | ||
| CVE-2026-2223 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2026 | A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is… | ||
| CVE-2026-2221 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2026 | A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried… | ||
| CVE-2026-2220 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2026 | A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection. The attack can be… | ||
| CVE-2026-2198 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2026 | A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to… | ||
| CVE-2026-2197 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2026 | A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possible to initiate the… | ||
| CVE-2026-2196 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2026 | A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed… | ||
| CVE-2026-2195 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2026 | A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be… | ||
| CVE-2026-2166 | Hig | 0.47 | 7.3 | 0.00 | Feb 8, 2026 | A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is… | ||
| CVE-2023-2596 | Med | 0.41 | 6.3 | 0.01 | May 9, 2023 | A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The… | ||
| CVE-2026-2224 | Low | 0.23 | 3.5 | 0.00 | Feb 9, 2026 | A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the… | ||
| CVE-2026-36920 | Low | 0.18 | 2.7 | 0.00 | Apr 13, 2026 | Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php. | ||
| CVE-2026-36919 | Low | 0.18 | 2.7 | 0.00 | Apr 13, 2026 | Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php. | ||
| CVE-2026-4972 | Low | 0.16 | 2.4 | 0.00 | Mar 27, 2026 | A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting.… | ||
| CVE-2026-2222 | Low | 0.16 | 2.4 | 0.00 | Feb 9, 2026 | A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site… | ||
| CVE-2023-25431 | 0.00 | — | 0.00 | Feb 28, 2023 | An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. | |||
| CVE-2023-1038 | 0.00 | — | 0.01 | Feb 26, 2023 | A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is… | |||
| CVE-2021-44090 | 0.00 | — | 0.01 | Jan 20, 2022 | An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. |
- risk 0.64cvss 9.8epss 0.07
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..
- risk 0.64cvss 9.8epss 0.02
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the…
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is…
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection. The attack can be…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possible to initiate the…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be…
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is…
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the…
- risk 0.18cvss 2.7epss 0.00
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
- risk 0.18cvss 2.7epss 0.00
Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
- risk 0.16cvss 2.4epss 0.00
A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting.…
- risk 0.16cvss 2.4epss 0.00
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site…
- CVE-2023-25431Feb 28, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.
- CVE-2023-1038Feb 26, 2023risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is…
- CVE-2021-44090Jan 20, 2022risk 0.00cvss —epss 0.01
An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.