Vulnerability Description
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Engineers Online Portal Project | Engineers Online Portal | 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/TheHackingRabbi/CVE-2021-42665ExploitThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42665ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/50452ExploitThird Party AdvisoryVDB Entry
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.htmlProductThird Party Advisory
- https://github.com/TheHackingRabbi/CVE-2021-42665ExploitThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42665ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/50452ExploitThird Party AdvisoryVDB Entry
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.htmlProductThird Party Advisory
FAQ
What is CVE-2021-42665?
CVE-2021-42665 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.
How severe is CVE-2021-42665?
CVE-2021-42665 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-42665?
Check the references section above for vendor advisories and patch information. Affected products include: Engineers Online Portal Project Engineers Online Portal.