CVE-2026-2195
SQL Injection in code-projects Online Reviewer System 1.0 Allows Remote Exploitation
Publication date: 2026-02-09
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | online_reviewer_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2195 is a critical SQL injection vulnerability found in version 1.0 of the code-projects Online Reviewer System, specifically in the file /system/system/admins/assessments/pretest/questions-view.php.
The vulnerability occurs because the application improperly handles the 'ID' parameter, failing to neutralize special characters in the input. This allows an attacker to inject malicious SQL code.
Exploitation can be done remotely without any authentication, making it highly accessible. Attackers can use various SQL injection techniques such as Boolean-based blind, error-based, stacked queries, time-based blind, and UNION-based injections.
The vulnerability is associated with CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and is considered easy to exploit with publicly available proof-of-concept exploits. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to the database, allowing attackers to retrieve, modify, or delete sensitive data.
Attackers can manipulate SQL queries to perform unauthorized database operations, potentially gaining full control over the affected system.
The impact includes compromising the confidentiality, integrity, and availability of the system, which poses a significant risk to system security and business continuity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests targeting the vulnerable file `/system/system/admins/assessments/pretest/questions-view.php` with suspicious or malformed `id` parameters that may indicate SQL injection attempts.
One method to identify vulnerable targets is using Google Dorking with the query: `inurl:system/system/admins/assessments/pretest/questions-view.php`.
To detect exploitation attempts on your system, you can analyze web server logs for HTTP GET requests containing SQL injection payloads in the `id` parameter, such as:
- Boolean-based blind SQL injection payloads like `id=151' OR NOT 1056=1056 #`
- Error-based SQL injection payloads using MySQL functions, e.g., `id=151' AND GTID_SUBSET(CONCAT(...),3573)--`
- Stacked queries such as `id=151';SELECT SLEEP(5) #`
- Time-based blind SQL injection payloads like `id=151' AND (SELECT 5617 FROM (SELECT(SLEEP(5)))cdzI)--`
- UNION-based SQL injection payloads such as `id=151' UNION ALL SELECT NULL,...,CONCAT(...)`
Commands to search for such patterns in web server logs might include using grep or similar tools, for example:
- `grep -i "questions-view.php" /var/log/apache2/access.log | grep -E "id=.*('|\"|;|#)"`
- `grep -iE "id=.*(OR|AND|UNION|SELECT|SLEEP)" /var/log/apache2/access.log`
[1, 3]
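The log review described above, as an added example (not code from the original page or from the vendor): a Python filter that percent-decodes the `id` parameter before matching, because requests often reach the access log with quotes, spaces and `#` encoded as `%27`, `%20` and `%23`, which literal grep patterns do not match. It assumes Apache common/combined log format and that legitimate `id` values are plain integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET = "/system/system/admins/assessments/pretest/questions-view.php"
# Apache common/combined: client ident user [time] "METHOD target PROTO" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*"')
FAMILIES = [  # coarse labels for the payload families the page lists; first match wins
    ("stacked", re.compile(r";\s*\w")),
    ("time-based", re.compile(r"\bsleep\s*\(", re.I)),
    ("error-based", re.compile(r"\bgtid_subset\s*\(", re.I)),
    ("union-based", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("boolean-based", re.compile(r"'\s*(?:or|and)\b", re.I)),
]

def classify(value):
    """Return None for a plain integer id, otherwise a payload-family label."""
    if re.fullmatch(r"[0-9]{1,10}", value):  # assumption: ids are small positive integers
        return None
    for label, pattern in FAMILIES:
        if pattern.search(value):
            return label
    return "non-numeric"

def suspicious_requests(lines):
    """Yield (client, decoded_id, label) for flagged requests to TARGET."""
    for line in lines:
        m = LINE_RE.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url is None or unquote(url.path).lower() != TARGET:
            continue
        # parse_qs percent-decodes values and turns '+' into a space
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() == "id":
                for value in values:
                    label = classify(value)
                    if label:
                        yield m.group(1), value, label

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Feb/2026:10:00:01 +0000] "GET /system/system/admins/assessments/pretest/questions-view.php?id=151 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Feb/2026:10:00:02 +0000] "GET /system/system/admins/assessments/pretest/questions-view.php?id=151%27%20OR%20NOT%201056=1056%20%23 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Feb/2026:10:00:03 +0000] "GET /system/system/admins/assessments/pretest/questions-view.php?id=151%27%3BSELECT%20SLEEP(5)%20%23 HTTP/1.1" 200 310',
    '203.0.113.5 - - [09/Feb/2026:10:00:04 +0000] "GET /system/system/admins/assessments/pretest/questions-view.php?ID=151%27+AND+(SELECT+5617+FROM+(SELECT(SLEEP(5)))cdzI)-- HTTP/1.1" 200 310',
    '192.0.2.10 - - [09/Feb/2026:10:00:05 +0000] "GET /index.php?id=7%27 HTTP/1.1" 404 196',
]

if __name__ == "__main__":
    print(list(suspicious_requests(SAMPLE_LOG)))
```

Treating every non-integer `id` as a finding, rather than matching keywords alone, also surfaces payload variants that none of the labelled patterns cover.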
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Replace or update the affected component, as no known countermeasures or patches are reported.
- Implement prepared statements with parameter binding to separate SQL code from user input, preventing SQL injection.
- Apply strict input validation and filtering on the `id` parameter to ensure it conforms to expected formats.
- Minimize database user privileges by avoiding use of high-privilege accounts (e.g., root or admin) for routine database operations.
- Monitor web server logs for suspicious requests targeting the vulnerable file and block malicious IPs if possible.