Description
Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: SQL Injection
Action: Patch Now
AI Analysis

Impact

SQL injection occurs in the exam-update.php script of Sourcecodester Online Reviewer System v1.0. The script fails to properly sanitize user input, allowing an attacker to embed malicious SQL statements into the application's queries. If an attacker can reach this page, they could read, modify, or delete records in the exam database, leading to data theft or integrity loss.

Affected Systems

Sourcecodester Online Reviewer System version 1.0. The vulnerability is located in the file /system/system/admins/assessments/examproper/exam-update.php. No other vendors or product versions are reported as affected.

Risk and Exploitability

Because the flaw resides in an administrative page, the likely attack vector is remote via the exposed admin interface. The attacker probably needs valid administrator credentials to trigger the injection, although unauthenticated access could be possible if the site is misconfigured. No CVSS score or EPSS value is provided, and the vulnerability is not listed in the CISA KEV catalog, but the potential for data exfiltration and database corruption is high if the flaw is exploited.

Generated by OpenCVE AI on April 13, 2026 at 13:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that Sourcecodester has released a patch or newer version of the Online Reviewer System that addresses the SQL injection; if so, apply it immediately.
  • If no patch is available, modify exam-update.php to use prepared statements or parameterized queries and validate all input before sending it to the database.
  • Limit access to the /system/system/admins/ directory to trusted IP addresses or enforce strict authentication, ensuring only authorized administrators can reach the vulnerable page.
  • Enable monitoring of database queries and web traffic for suspicious patterns, and consider deploying a web application firewall that blocks injection attempts.

Generated by OpenCVE AI on April 13, 2026 at 13:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Sourcecodester Online Reviewer System v1.0
Weaknesses CWE-89

Mon, 13 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:42:33.733Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36919

cve-icon Vulnrichment

Updated: 2026-04-13T20:42:30.600Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-13T13:16:41.783

Modified: 2026-04-13T21:16:26.993

Link: CVE-2026-36919

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:26:58Z

Weaknesses