CVE-2021-42671

Published: Nov 5, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.

Affected (1)

Products: Engineers Online Portal Project: Engineers Online Portal

Engineers Online Portal Project

1 product

Engineers Online Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Engineers Online Portal Project Engineers Online Portal	All versions

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (6)

https://github.com/TheHackingRabbi/CVE-2021-42671

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html

Source: cve@mitre.org

ProductThird Party Advisory

https://github.com/TheHackingRabbi/CVE-2021-42671

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.