CVE-2026-2195
📋 TL;DR
This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows attackers to manipulate database queries through the ID parameter in the questions-view.php file. Remote attackers can potentially access, modify, or delete sensitive data in the database. All deployments of Online Reviewer System 1.0 with the vulnerable file accessible are affected.
💻 Affected Systems
- code-projects Online Reviewer System
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, or full system takeover by chaining the SQL injection into remote code execution.
Likely Case
Unauthorized access to sensitive assessment data, user information, and potential privilege escalation within the application.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only error messages or minimal data exposure.
🎯 Exploit Status
Exploit details are publicly disclosed on GitHub, making weaponization likely. The vulnerability requires minimal technical skill to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://code-projects.org/
Restart Required: No
Instructions:
No official patch available. Check vendor website for updates. Consider implementing parameterized queries or input validation in the vulnerable file.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add input validation and parameterized queries to the questions-view.php file to prevent SQL injection.
Edit /system/system/admins/assessments/pretest/questions-view.php to implement prepared statements with parameterized queries
Web Application Firewall (WAF)
Deploy a WAF with SQL injection rules to block malicious requests targeting the vulnerable endpoint.
Configure WAF rules to block SQL injection patterns targeting /system/system/admins/assessments/pretest/questions-view.php
🧯 If You Can't Patch
- Restrict access to the vulnerable endpoint using network ACLs or authentication requirements
- Run the application under a database user with minimal privileges to limit the damage from successful exploitation
🔍 How to Verify
Check if Vulnerable:
Test the /system/system/admins/assessments/pretest/questions-view.php endpoint with SQL injection payloads in the ID parameter.
Check Version:
Check application version in configuration files or admin panel
Verify Fix Applied:
Verify that SQL injection payloads no longer execute and that parameterized queries are implemented in the PHP code.
📡 Detection & Monitoring
Log Indicators:
- Unusual database queries from web server
- SQL error messages in application logs
- Multiple requests to questions-view.php with suspicious ID parameters
Network Indicators:
- HTTP requests to /system/system/admins/assessments/pretest/questions-view.php containing SQL keywords in parameters
SIEM Query:
source="web_server" AND uri="/system/system/admins/assessments/pretest/questions-view.php" AND param="ID" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "' OR '")
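The detection logic above, as an added example that is not part of the original advisory: a small Python scanner that applies the SIEM query's conditions to web server access logs. It assumes combined log format, decodes the percent-encoded query string before matching (a raw-log CONTAINS on `' OR '` misses `%27%20OR%20%27`), and uses constructed sample lines rather than real traffic.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "GET /system/system/admins/assessments/pretest/questions-view.php?ID=12 HTTP/1.1" 200 1843
10.0.0.7 - - [01/Mar/2026:10:00:03 +0000] "GET /system/system/admins/assessments/pretest/questions-view.php?ID=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120
10.0.0.7 - - [01/Mar/2026:10:00:05 +0000] "GET /system/system/admins/assessments/pretest/questions-view.php?ID=-1%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 412
10.0.0.9 - - [01/Mar/2026:10:00:07 +0000] "GET /index.php?q=UNION HTTP/1.1" 200 300
"""

# Vulnerable endpoint named in the advisory.
VULN_PATH = "/system/system/admins/assessments/pretest/questions-view.php"

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# The patterns from the SIEM query, plus a trailing SQL comment terminator.
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\bUNION\b", r"\bSELECT\b", r"'\s*OR\s*'", r"--\s*$",
)]


def is_suspicious_id(value):
    """True when a decoded ID value is not a plain integer and matches a pattern."""
    if value.strip().isdigit():
        return False  # legitimate use of the parameter is a numeric id
    return any(p.search(value) for p in SQLI_PATTERNS)


def scan_log(text):
    """Return one hit per request to the vulnerable path with a suspicious ID."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlparse(m["target"])
        if url.path != VULN_PATH:
            continue  # other paths are out of scope for this rule
        # parse_qs percent-decodes values, so matching runs on the decoded form.
        for value in parse_qs(url.query, keep_blank_values=True).get("ID", []):
            if is_suspicious_id(value):
                hits.append({"ip": m["ip"], "ts": m["ts"],
                             "status": int(m["status"]), "id": value})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} status={h['status']} ID={h['id']!r}")
```

Repeated hits from one client, or a 500 status alongside an injection pattern, are the signals worth alerting on; a single numeric ID is normal use.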