CVE-2026-36920 - Vulnerability Analysis
LowCVSS: 2.7Last Updated: April 14, 2026
Sourcecodester Online Reviewer System - SQL Injection
Published: April 13, 2026Updated: April 14, 2026PoC AvailableRemote Exploitable
Overview
Sourcecodester Online Reviewer System v1.0 contains a sql injection caused by unsanitized input in /system/system/admins/assessments/examproper/questions-view.php, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request.
Severity & Score
Severity: Low
CVSS Score: 2.7
Impact
Attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.
Mitigation
Update to the latest version or apply patches to sanitize SQL inputs.
References
Related Resources
Details
- CVE ID
- CVE-2026-36920
- Severity
- Low
- CVSS Score
- 2.7
- Type
- sql_injection
- Status
- confirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N