{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-36919", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-13T20:42:33.733Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T12:35:59.211Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/hubdk01/bug_report/blob/main/Sourcecodester/online-reviewer-system/SQL-2.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:27:56.457629Z", "id": "CVE-2026-36919", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:42:33.733Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-36919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:27:56.457629Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:42:30.600Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/hubdk01/bug_report/blob/main/Sourcecodester/online-reviewer-system/SQL-2.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T12:35:59.211Z"}}}, "cveMetadata": {"cveId": "CVE-2026-36919", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:42:33.733Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:janobe:online_reviewer_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "063C94E3-E7C7-403E-BB13-0878AB4B70DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php."}], "id": "CVE-2026-36919", "lastModified": "2026-04-14T11:52:16.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-13T13:16:41.783", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/hubdk01/bug_report/blob/main/Sourcecodester/online-reviewer-system/SQL-2.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "v1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "online_reviewer_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-14T14:51:14.770828+00:00", "value": {"mitigation_remediation": ["Verify that the system is indeed running version 1.0 of the Sourcecodester Online Reviewer System", "Apply any available vendor patch or update to version 1.0 or later", "If no patch exists, refactor the exam\u2011update.php code to use prepared statements or parameterized queries for all database interactions", "Limit the database user privileges to the minimum required for the application\n", "Sanitize all user input on the server side before it is incorporated into SQL statements", "Implement logging and monitoring for unusual database activity\n", "Restrict network access to the application to trusted users only"], "summary": {"action": "Apply Fix", "impact": "SQL Injection allowing unauthorized database manipulation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Online Reviewer System supplied by Sourcecodester, specifically version 1.0. The vulnerable component resides under \\/system\\/system\\/admins\\/assessments\\/examproper\\/exam-update.php.", "description_and_impact": "Sourcecodester Online Reviewer System version 1.0 contains a SQL Injection flaw within the file exam\u2011update.php. The weakness, identified as CWE\u201189, permits an attacker who can supply crafted input to the web interface to append or replace SQL code executed against the database. Through successful exploitation an attacker could read, modify, or delete data stored by the application, potentially exposing confidential information or disrupting business operations.", "risk_and_exploitability": "The CVSS score of 2.7 indicates a low severity vulnerability, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is likely exploitable via the web interface (remote attack vector), inferred from the location of the flaw in a publicly accessible PHP file. No patches or mitigations have been listed in the vendor\u2019s advisory, and the issue is not present in the CISA KEV catalog. Even though the risk level is low, the nature of a SQL Injection flaw warrants timely remediation to prevent potential data loss or corruption."}}}}, "created": "2026-04-13T14:26:58.994421+00:00", "updated": "2026-04-14T16:36:06.637868+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$online_reviewer_system"]}