Vulnerability Description
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Engineers Online Portal Project | Engineers Online Portal | - |
Related Weaknesses (CWE)
References
- https://github.com/TheHackingRabbi/CVE-2021-42671ExploitThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671ExploitThird Party Advisory
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.htmlProductThird Party Advisory
- https://github.com/TheHackingRabbi/CVE-2021-42671ExploitThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671ExploitThird Party Advisory
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.htmlProductThird Party Advisory
FAQ
What is CVE-2021-42671?
CVE-2021-42671 is a vulnerability with a CVSS score of 7.5 (HIGH). An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to ...
How severe is CVE-2021-42671?
CVE-2021-42671 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42671?
Check the references section above for vendor advisories and patch information. Affected products include: Engineers Online Portal Project Engineers Online Portal.