{"cve_id":"CVE-2026-2220","summary":"A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.","cvss":7.3,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.3,"epss":0.00036,"ranking_epss":0.10562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://code-projects.org/","https://github.com/tiancesec/CVE/issues/20","https://vuldb.com/?ctiid.344937","https://vuldb.com/?id.344937","https://vuldb.com/?submit.750020"],"published_time":"2026-02-09T07:16:18","cpes":["cpe:2.3:a:fabian:online_reviewer_system:1.0"]}