Vulnerability Details CVE-2021-42671
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/TheHackingRabbi/CVE-2021-42671
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html
- https://github.com/TheHackingRabbi/CVE-2021-42671
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html
Products affected by CVE-2021-42671
-
cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:-