Impact
Sourcecodester Online Reviewer System version 1.0 contains a SQL injection flaw in the file exam-update.php. The weakness, classified as CWE-89, lets an attacker who can supply crafted input to the web interface append or replace SQL code executed against the database. Through successful exploitation, an attacker could read, modify, or delete data stored by the application, potentially exposing confidential information or disrupting business operations.
Affected Systems
The vulnerability affects the Online Reviewer System supplied by Sourcecodester, specifically version 1.0. The vulnerable component resides under /system/system/admins/assessments/examproper/exam-update.php.
Risk and Exploitability
The CVSS score of 2.7 indicates a low severity vulnerability, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is likely exploitable via the web interface (remote attack vector), inferred from the location of the flaw in a publicly accessible PHP file. No patches or mitigations have been listed in the vendor’s advisory, and the issue is not present in the CISA KEV catalog. Even though the risk level is low, the nature of a SQL Injection flaw warrants timely remediation to prevent potential data loss or corruption.