CVE-2021-42671

HIGH

Sourcecodester Engineers Online Portal - Auth Bypass

Title source: llm

Description

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.

Exploits (2)

nomisec WRITEUP 1 stars

by 0xDeku · poc

https://github.com/0xDeku/CVE-2021-42671

View Code ZIP pw:eip

inthewild WRITEUP

poc

https://github.com/thehackingrabbi/cve-2021-42671

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/TheHackingRabbi/CVE-2021-42671

[Exploit, Third Party Advisory] https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671

[Product, Third Party Advisory] https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html

Scores

CVSS v3 7.5

EPSS 0.0613

EPSS Percentile 90.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-425

Status published

Products (1)

engineers_online_portal_project/engineers_online_portal

Published Nov 05, 2021

Tracked Since Feb 18, 2026