PT-2021-23650 · Unknown · Sourcecodester Engineers Online Portal

0Xdeku

Published 2021-11-05 · Updated 2021-11-29

CVE-2021-42669

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Sourcecodester Engineers Online Portal (affected versions not specified)
Description
A file upload issue exists that allows attackers to change the avatar through teacher_avatar.php in dashboard_teacher.php. Uploaded files are stored in the /admin/uploads/ directory and are accessible to all users. An attacker can upload a PHP webshell containing <?php system($_GET["cmd"]); ?> and execute commands on the web server by accessing the uploaded file, for example /admin/uploads/php-webshell?cmd=id. This allows command execution with potentially elevated privileges.
Recommendations
As a temporary workaround, consider disabling the teacher_avatar.php functionality until a patch is available. Restrict access to the /admin/uploads/ directory to minimize the risk of exploitation. Avoid using the cmd parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
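As an added example (not code from the portal or from this advisory), the following is a hardened avatar-upload handler of the kind that closes the hole described above: the type is taken from the file's bytes, the client-supplied name is discarded, and the file is stored under a server-chosen name in a directory meant for static serving only. The storage directory, size cap and the $_FILES field name are assumptions.

```php
<?php
// Added example, not the portal's own code. Assumptions: the upload arrives in
// $_FILES['avatar'], AVATAR_DIR is served as static files only (PHP execution
// disabled for it), and the caller has already authenticated the teacher.

const AVATAR_DIR   = __DIR__ . '/avatars';       // assumed storage location
const MAX_BYTES    = 512 * 1024;                 // assumed 512 KiB cap
const ALLOWED_MIME = ['image/png' => 'png', 'image/jpeg' => 'jpg'];

/**
 * Validate an uploaded avatar and move it into AVATAR_DIR under a random name.
 * Returns the stored file name; throws RuntimeException on any failure.
 */
function storeAvatar(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }
    // Decide the type from file content, never from the client's file name or
    // Content-Type header, so a script renamed to ".png" is still rejected.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_MIME[$mime])) {
        throw new RuntimeException('unsupported image type');
    }
    // Rejects files that only carry an image magic header. A real image with
    // script appended still passes, which is why AVATAR_DIR must not execute PHP.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-chosen name: original name, path and extension are all discarded.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$mime];
    $dest = AVATAR_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store avatar');
    }
    chmod($dest, 0644);   // readable by the web server, never executable
    return $name;
}

try {
    $stored = storeAvatar($_FILES['avatar'] ?? []);
    // Persist $stored against the teacher's record and serve it as an image.
    echo 'Avatar updated';
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'Avatar rejected';
}
```

Pair this with web-server configuration that disables script execution in the avatar directory (for Apache with mod_php, `php_admin_flag engine off` in that directory's configuration), so that even a polyglot image is only ever served as bytes.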

Exploit

Unrestricted File Upload

Related Identifiers

CVE-2021-42669

Affected Products

Sourcecodester Engineers Online Portal