CVE-2026-2912: code-projects Online Reviewer System studentresult-view.php SQL injection
A vulnerability was found in code-projects Online Reviewer System 1.0. It affects an unknown function in the file /system/system/students/assessments/results/studentresult-view.php. Manipulating the argument test_id results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used.
Frequently Asked Questions
What is the severity of CVE-2026-2912?
CVE-2026-2912 has a high severity rating due to its potential for SQL injection, which could lead to unauthorized data access.
How do I fix CVE-2026-2912?
To fix CVE-2026-2912, sanitize and validate the 'test_id' parameter in the studentresult-view.php file to prevent SQL injection.
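The fix described above, as an added example (not the project's own code): test_id is validated as a positive integer and then bound as a typed parameter instead of being concatenated into the query. The results table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs offline; the real schema is not shown on this page.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's real one.
// Table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE results (test_id INTEGER, student TEXT, score INTEGER)');
$pdo->exec("INSERT INTO results VALUES (1, 'alice', 90), (2, 'bob', 75)");

/** Return the id as an int, or null if the raw value is not a positive integer. */
function validateTestId(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // rejects array input such as test_id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up results for one test; the value reaches SQL only as a bound integer. */
function fetchResults(PDO $pdo, mixed $rawTestId): array
{
    $id = validateTestId($rawTestId);
    if ($id === null) {
        throw new InvalidArgumentException('invalid test_id');
    }
    $stmt = $pdo->prepare('SELECT student, score FROM results WHERE test_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one well-formed id and three values that must be rejected.
foreach (['2', '2 OR 1=1', 'abc', ''] as $input) {
    try {
        $rows = fetchResults($pdo, $input);
        printf("%-12s -> %d row(s)\n", var_export($input, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%-12s -> rejected\n", var_export($input, true));
    }
}
```

In the application itself the raw value would come from the request, and a rejected value should produce an error response without running any query.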
Which software is affected by CVE-2026-2912?
CVE-2026-2912 affects version 1.0 of the code-projects Online Reviewer System.
What type of vulnerability is CVE-2026-2912?
CVE-2026-2912 is an SQL injection vulnerability that can be exploited through the studentresult-view.php file.
Can CVE-2026-2912 affect my application’s security?
Yes, if left unpatched, CVE-2026-2912 can severely compromise your application's security by allowing attackers to manipulate the database directly.