CVE-2026-2220 | code-projects Online Reviewer System 1.0 btn_functions.php difficulty_id sql injection

Inserito da Angelo Barbosa | Feb 8, 2026 | CVE

A vulnerability was found in code-projects Online Reviewer System 1.0 and classified as critical. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection.

This vulnerability is documented as CVE-2026-2220. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-2220 | code-projects Online Reviewer System 1.0 btn_functions.php difficulty_id sql injection

Post correlati

CVE-2025-22880 | Delta Electronics CNCSoft-G2 2.0.0.5/2.1.0.4/2.1.0.10 heap-based overflow (PCSA-2025-00002)

CVE-2025-66420 | Tryton sao up to 6.0.66/7.0.37/7.4.18/7.6.8 HTML Attachment HTML injection (Issue 14290)

CVE-2024-52032 | Mattermost up to 9.11.2/10.0.0 Channel Name information disclosure

CVE-2025-1578 | PHPGurukul Online Shopping Portal 2.1 /search-result.php product sql injection