Impact
Sourcecodester Online Reviewer System version 1.0 contains a flaw in questions-view.php that permits an attacker to inject arbitrary SQL statements. This weakness, identified as CWE‑89, can compromise the confidentiality, integrity, and availability of the application’s underlying database. If exploited, an adversary could bypass authentication controls, read sensitive user information, or tamper with stored data. The CVSS assessment rates this vulnerability as low severity (2.7), but the potential impact on data integrity remains significant.
Affected Systems
The vulnerability affects the Sourcecodester Online Reviewer System, a PHP‑based web application (v1.0). No other vendors or product editions are listed as impacted, and the affected component is the administration page located at /system/system/admins/assessments/examproper/questions-view.php.
Risk and Exploitability
The CVSS score indicates a low overall risk, and the absence of a public exploit entry in the CISA KEV database suggests limited current exploitation. The EPSS score is not available, so the probability of immediate exploitation cannot be quantified. Based on the description, the attack vector is inferred to be remote, via HTTP requests to the vulnerable page, and to require access to the web application’s administrative interface.
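Because the inferred vector is HTTP requests to one known page, web server access logs are a practical place to look for attempts. The following is an added example, not part of the advisory or the vendor's code: it flags requests to the affected path whose query values contain SQL syntax. The combined log format, the parameter name id, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path of the affected page, as given in the advisory.
VULN_PATH = "/system/system/admins/assessments/examproper/questions-view.php"

# Client IP, request target and status from a "combined" access log line
# (assumed log format; adjust for your server).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Heuristic markers of SQL syntax inside a parameter value. Expect false
# positives on free-text fields; tune against your own traffic.
SQLI_RE = re.compile(
    r"'|\"|--|/\*|\bunion\s+select\b|\b(?:or|and)\s+\d+\s*=\s*\d+|\b(?:sleep|benchmark)\s*\(",
    re.IGNORECASE)

def suspicious_requests(log_lines):
    """Return (ip, status, param, decoded_value) for flagged requests to VULN_PATH."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if url.path != VULN_PATH:
            continue  # only the page named in the advisory
        # parse_qsl percent-decodes names and values, so encoded input is
        # checked in its decoded form.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQLI_RE.search(value):
                hits.append((m.group("ip"), int(m.group("status")), name, value))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical parameter "id").
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET {VULN_PATH}?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET {VULN_PATH}?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - [01/Jan/2025:10:01:00 +0000] "GET {VULN_PATH}?id=-1+UNION+SELECT+1,2,3 HTTP/1.1" 500 310 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2025:10:02:00 +0000] "GET /index.php?q=it%27s HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {param}={value!r}")
```

A 500 status or an unusually large 200 response on a flagged request is worth correlating with database error logs for the same timestamp.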