CVE-2026-2198
SQL Injection in code-projects Online Reviewer System 1.0 Allows Remote Exploit
Publication date: 2026-02-09
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | online_reviewer_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2198 is a critical SQL injection vulnerability in version 1.0 of the code-projects Online Reviewer System. It occurs in the file /system/system/admins/assessments/pretest/loaddata.php due to improper handling and insufficient validation of the difficulty_id parameter. This parameter is used directly in SQL queries without proper sanitization, allowing attackers to inject malicious SQL code remotely without authentication.

The vulnerability enables attackers to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the system's database. [1, 2, 3]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to unauthorized database access, data leakage, data tampering, and full system control by attackers. It can also cause service disruption.
- Attackers can retrieve, modify, or delete sensitive data.
- The system's confidentiality, integrity, and availability can be severely compromised.
- No authentication is required to exploit this vulnerability, increasing the risk.
- The exploit is publicly available and can be launched remotely with ease.

[1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by targeting the vulnerable parameter "difficulty_id" in the file /system/system/admins/assessments/pretest/loaddata.php with crafted SQL injection payloads. Tools like sqlmap can be used to automate detection by sending POST requests to the affected endpoint.
- Use sqlmap with a crafted POST request targeting the difficulty_id parameter to confirm SQL injection.
- Example payloads for manual testing include:
  - Boolean-based blind: difficulty_id=1' AND 5423=5423 #
  - Error-based: difficulty_id=1' AND GTID_SUBSET(CONCAT(0x716b6b6271,(SELECT (ELT(1556=1556,1))),0x716b706a71),1556)--
  - Stacked queries: difficulty_id=1';SELECT SLEEP(5) #
  - Time-based blind: difficulty_id=1' AND (SELECT 7097 FROM (SELECT(SLEEP(5)))IBTq)--
  - UNION query: difficulty_id=1' UNION ALL SELECT CONCAT(0x716b6b6271,0x667559417a68646e584e626d555851756553424346544576417173705154616d4e6171506764536d,0x716b706a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL #

Additionally, vulnerable targets can be identified using Google dorking with queries such as inurl:system/system/admins/assessments/pretest/loaddata.php. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing secure coding practices and restricting database privileges.
- Use prepared statements with parameter binding to separate SQL code from user input, preventing SQL injection.
- Enforce strict input validation and filtering on the difficulty_id parameter to ensure it conforms to expected formats.
- Minimize database user privileges by avoiding the use of high-privilege accounts such as root or admin for routine database operations.
Since no authentication is required to exploit this vulnerability, these steps are critical to protect system integrity and data confidentiality.
If possible, replace the affected component with an alternative product or updated version that addresses this vulnerability.
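
The first two mitigation steps above (parameter binding plus strict validation of difficulty_id), sketched as an added example that is not code from the Online Reviewer System. The table and column names are hypothetical, and an in-memory SQLite database stands in for the application's real database so the script runs offline with PHP 8 and pdo_sqlite.

```php
<?php
declare(strict_types=1);
// Added example. Table/column names are hypothetical, and an in-memory
// SQLite database stands in for the application's real database server.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false.
    $pdo->exec('CREATE TABLE questions (id INTEGER PRIMARY KEY, difficulty_id INTEGER, body TEXT)');
    $pdo->exec("INSERT INTO questions (difficulty_id, body) VALUES (1, 'easy sample'), (2, 'hard sample')");
    return $pdo;
}

// Strict validation: only a positive decimal integer is accepted.
function parseDifficultyId(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameter binding: the value travels separately from the SQL text.
function loadByDifficulty(PDO $pdo, int $difficultyId): array
{
    $stmt = $pdo->prepare('SELECT id, body FROM questions WHERE difficulty_id = :d');
    $stmt->bindValue(':d', $difficultyId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = openDemoDb();
// Constructed inputs: a valid id, then a payload shape quoted on this page.
foreach (['1', "1' AND 5423=5423 #"] as $raw) {
    $id = parseDifficultyId($raw);
    if ($id === null) {
        // A real handler would answer 400 Bad Request here and log the attempt.
        echo "rejected\n";
        continue;
    }
    echo json_encode(loadByDifficulty($pdo, $id)), "\n";
}
```

The valid id returns its matching row as JSON, while the quoted payload fails validation and never reaches the database.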