VYPR

Online Reviewer System

by Janobe

CVEs (20)

  • CVE-2021-41646CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.07

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..

  • CVE-2021-27130CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.02

    Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.

  • CVE-2026-2912HigFeb 22, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the…

  • CVE-2026-2223HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is…

  • CVE-2026-2221HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried…

  • CVE-2026-2220HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection. The attack can be…

  • CVE-2026-2198HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to…

  • CVE-2026-2197HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possible to initiate the…

  • CVE-2026-2196HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed…

  • CVE-2026-2195HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be…

  • CVE-2026-2166HigFeb 8, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is…

  • CVE-2023-2596MedMay 9, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The…

  • CVE-2026-2224LowFeb 9, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the…

  • CVE-2026-36920LowApr 13, 2026
    risk 0.18cvss 2.7epss 0.00

    Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.

  • CVE-2026-36919LowApr 13, 2026
    risk 0.18cvss 2.7epss 0.00

    Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.

  • CVE-2026-4972LowMar 27, 2026
    risk 0.16cvss 2.4epss 0.00

    A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting.…

  • CVE-2026-2222LowFeb 9, 2026
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site…

  • CVE-2023-25431Feb 28, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.

  • CVE-2023-1038Feb 26, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is…

  • CVE-2021-44090Jan 20, 2022
    risk 0.00cvss epss 0.01

    An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.