Vulnerability Information: Title: Code-Projects Online Reviewer System 1.0 - SQL Injection (loaddata.php difficulty_id) Identifiers: - VDB: 344901 - CVE: 2026-2198 - GCVE: 100-344901 CVSS Meta Temp Score: 6.9 Current Exploit Price: $0-$5k CTI Interest Score: 1.43 Summary: A critical vulnerability was found in Code-Projects Online Reviewer System 1.0. The issue exists in an unknown function of the file . Manipulating the argument with an unknown input leads to SQL injection. This vulnerability, identified as CVE-2026-2198, can be exploited remotely, and a public exploit is available. Details: CVE Classification: Critical Affected Product: Code-Projects Online Reviewer System 1.0 Affected File: Vulnerable Argument: CWE Classification: CWE-89 (SQL Injection) The vulnerability occurs when the product constructs an SQL command using externally-influenced input without proper neutralization, impacting confidentiality, integrity, and availability. No authentication is needed for exploitation. The attack technique referenced in ATT&CK is T1505. An advisory is available on GitHub. The exploitability is considered easy and can be initiated remotely.