Vulnerability Description
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Engineers Online Portal Project | Engineers Online Portal | - |
Related Weaknesses (CWE)
References
- https://github.com/TheHackingRabbi/CVE-2021-42668ExploitThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42668ExploitThird Party Advisory
- https://www.nu11secur1ty.com/2021/12/cve-2021-42668.htmlExploitThird Party Advisory
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.htmlProductThird Party Advisory
- https://github.com/TheHackingRabbi/CVE-2021-42668ExploitThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42668ExploitThird Party Advisory
- https://www.nu11secur1ty.com/2021/12/cve-2021-42668.htmlExploitThird Party Advisory
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.htmlProductThird Party Advisory
FAQ
What is CVE-2021-42668?
CVE-2021-42668 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from ...
How severe is CVE-2021-42668?
CVE-2021-42668 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-42668?
Check the references section above for vendor advisories and patch information. Affected products include: Engineers Online Portal Project Engineers Online Portal.