Title: code-projects Online Reviewer System V1 SQL Injection

Description:
- A critical SQL injection vulnerability was detected in the "/system/system/admins/assessments/pretest/btn_functions.php" file during a security assessment.
- The vulnerability is due to insufficient validation of the "difficulty_id" parameter.
- Allows attackers to inject malicious SQL queries, access the database without authorization, modify or delete data, and obtain sensitive information.

Source: https://github.com/tiancesec/CVE/issues/20
User: SHU for security (UID 95070)
Submission Date: 02/01/2026 03:05 PM (8 days ago)
Moderation Date: 02/08/2026 05:00 PM (7 days after submission)
Status: Accepted
VulDB Entry: 2344937 (code-projects Online Reviewer System 1.0 btn_functions.php difficulty_id sql injection)
Points: 20