CVE-2021-42665

CRITICAL

Engineers Online Portal - SQL Injection

Title source: rule

Description

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.

Exploits (3)

exploitdb WORKING POC

by Alon Leviev · textwebappsphp

https://www.exploit-db.com/exploits/50452

View Code ZIP pw:eip

nomisec WORKING POC

by 0xDeku · poc

https://github.com/0xDeku/CVE-2021-42665

View Code ZIP pw:eip

inthewild WRITEUP

poc

https://github.com/thehackingrabbi/cve-2021-42665

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://github.com/TheHackingRabbi/CVE-2021-42665

[Exploit, Third Party Advisory] https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42665

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50452

[Product, Third Party Advisory] https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html

Scores

CVSS v3 9.8

EPSS 0.0496

EPSS Percentile 89.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

engineers_online_portal_project/engineers_online_portal 1.0

Published Nov 05, 2021

Tracked Since Feb 18, 2026