CVE-2026-36920
SQL Injection in Sourcecodester Online Reviewer System Questions View
Publication date: 2026-04-13
Last updated on: 2026-04-14
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| janobe | online_reviewer_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-36920 is an SQL injection vulnerability in Sourcecodester Online Reviewer System v1.0, specifically in the file /system/system/admins/assessments/examproper/questions-view.php.
The vulnerability occurs because the 'id' parameter in the URL is not properly sanitized or parameterized before being used in SQL queries, allowing an attacker to inject malicious SQL code.
An attacker can exploit this by crafting a specially designed URL that injects SQL commands, such as using a UNION-based attack to retrieve sensitive information like the database name.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL injection vulnerability can be detected by testing the `id` parameter in the URL endpoint `/questions-view.php?id=` for injection flaws.
A common method is to use a crafted payload to see if the system is vulnerable to SQL injection, such as injecting a UNION-based query to extract database information.
An example payload to test this vulnerability is:
- /reviewer/system/system/admins/assessments/examproper/questions-view.php?id=5WC8HD' union select 1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17--+
You can use tools like curl or a web browser to send this request and observe if the database name is returned, indicating a successful SQL injection.
For example, using curl:
- curl "http://[target]/reviewer/system/system/admins/assessments/examproper/questions-view.php?id=5WC8HD'%20union%20select%201,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17--+"
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Sanitize and validate all user inputs, especially the `id` parameter in `/questions-view.php`.
- Use prepared statements or parameterized queries in the PHP code to prevent SQL injection.
- Restrict database permissions to limit the impact of a potential injection.
- If possible, apply patches or updates from the vendor or source code provider.
- Monitor logs for suspicious activity related to SQL injection attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in the Sourcecodester Online Reviewer System v1.0 allows attackers to execute unauthorized database queries, potentially leading to unauthorized disclosure of sensitive data.
Such unauthorized data disclosure can result in non-compliance with data protection regulations and standards like GDPR and HIPAA, which require proper safeguarding of personal and sensitive information.
Because the vulnerability enables attackers to access or manipulate data without proper authorization, it undermines the confidentiality and integrity requirements mandated by these regulations.
How can this vulnerability impact me? :
This SQL injection vulnerability can lead to unauthorized disclosure of sensitive data stored in the database.
An attacker could retrieve confidential information, manipulate database contents, or potentially escalate their access within the system.
Such exploitation could compromise the integrity and confidentiality of the system and its data.