CVE-2021-42671

HIGH

Sourcecodester Engineers Online Portal - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-42671. PoCs published by 0xDeku.

AI-analyzed exploit summary This repository describes a broken access control vulnerability (CVE-2021-42671) in the Engineers Online Portal, allowing unauthenticated access to sensitive files in the uploads directory. The PoC involves navigating to a specific URL to bypass access controls.

Description

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.

Exploits (2)

nomisec WRITEUP 1 stars
by 0xDeku · poc
https://github.com/0xDeku/CVE-2021-42671

This repository describes a broken access control vulnerability (CVE-2021-42671) in the Engineers Online Portal, allowing unauthenticated access to sensitive files in the uploads directory. The PoC involves navigating to a specific URL to bypass access controls.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Engineers Online Portal (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web server URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WRITEUP
poc
https://github.com/thehackingrabbi/cve-2021-42671

This repository provides a technical description and proof-of-concept for CVE-2021-42671, a broken access control vulnerability in the Engineers Online Portal system. The vulnerability allows unauthenticated access to sensitive files in the uploads directory.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Engineers Online Portal system
No auth needed
Prerequisites: Access to the vulnerable web server
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (3)

Core 3
Core References
Product, Third Party Advisory x_refsource_misc
https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TheHackingRabbi/CVE-2021-42671
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671

Scores

CVSS v3 7.5
EPSS 0.0615
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-425
Status published
Products (1)
engineers_online_portal_project/engineers_online_portal
Published Nov 05, 2021
Tracked Since Feb 18, 2026