PT-2021-23652 · Unknown · Sourcecodester Engineers Online Portal

0Xdeku

Published

2021-11-05

Updated

2022-07-12

CVE-2021-42671

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Sourcecodester Engineers Online Portal (affected versions not specified)

Description An incorrect access control issue exists in the Sourcecodester Engineers Online Portal in PHP, specifically in the nia munoz monitoring system/admin/uploads directory. This allows an attacker to bypass access controls and access all files uploaded to the web server without needing authentication or authorization.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-425

Related Identifiers

CVE-2021-42671

Affected Products

Sourcecodester Engineers Online Portal

PT-2021-23652 · Unknown · Sourcecodester Engineers Online Portal

CVE-2021-42671

Weakness Enumeration

Related Identifiers

Affected Products

References · 6