{"cve_id":"CVE-2026-2198","summary":"A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.","cvss":7.3,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.3,"epss":0.00012,"ranking_epss":0.01705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://code-projects.org/","https://github.com/tiancesec/CVE/issues/19","https://vuldb.com/?ctiid.344901","https://vuldb.com/?id.344901","https://vuldb.com/?submit.750017"],"published_time":"2026-02-09T01:16:04","cpes":["cpe:2.3:a:fabian:online_reviewer_system:1.0"]}