Vulnerability Description
Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php) and to authenticated file upload in the Master.php file; these two vulnerabilities can be chained to get unauthenticated remote command execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oretnom23 | Online Learning System | 2.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164985/Online-Learning-System-2.0-Remote-Co (Exploit, Third Party Advisory, VDB Entry)
- https://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-byp (Exploit, Third Party Advisory)
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE (Exploit, Third Party Advisory)
- https://www.nu11secur1ty.com/2021/09/cve-nu11-07-elearning-v2by-oretnom23-is.htm (Exploit, Third Party Advisory)
- https://www.nu11secur1ty.com/2021/11/cve-2021-42580.html (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-42580?
CVE-2021-42580 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php) and to authenticated file upload in the Master.php file; we can craft ...
How severe is CVE-2021-42580?
CVE-2021-42580 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-42580?
Check the references section above for vendor advisories and patch information. Affected products include: Oretnom23 Online Learning System.