CVE-2021-42669

Published: Nov 5, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.

Affected (1)

Products: Engineers Online Portal Project: Engineers Online Portal

Engineers Online Portal Project

1 product

Engineers Online Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Engineers Online Portal Project Engineers Online Portal	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://github.com/TheHackingRabbi/CVE-2021-42669

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html

Source: cve@mitre.org

ProductThird Party Advisory

https://github.com/TheHackingRabbi/CVE-2021-42669

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.