Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
engineers online portal project engineers online portal - vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-42668
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a re...
Engineers Online Portal Project Engineers Online Portal -
2 Github repositories
9.8
CVSSv3
CVE-2021-42670
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to g...
Engineers Online Portal Project Engineers Online Portal -
2 Github repositories
7.5
CVSSv3
CVE-2021-42671
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server witho...
Engineers Online Portal Project Engineers Online Portal -
2 Github repositories
9.8
CVSSv3
CVE-2021-42669
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by a...
Engineers Online Portal Project Engineers Online Portal -
2 Github repositories
7.5
CVSSv3
CVE-2024-0260
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to...
Engineers Online Portal Project Engineers Online Portal 1.0
5.4
CVSSv3
CVE-2021-42664
A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server...
Engineers Online Portal Project Engineers Online Portal 1.0
2 Github repositories
9.8
CVSSv3
CVE-2021-42665
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an malicious user to bypass authentication.
Engineers Online Portal Project Engineers Online Portal 1.0
2 Github repositories
8.8
CVSSv3
CVE-2021-42666
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code exec...
Engineers Online Portal Project Engineers Online Portal 1.0
2 Github repositories
8.8
CVSSv3
CVE-2021-43437
In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Hea...
Engineers Online Portal Project Engineers Online Portal 1.0
3.7
CVSSv3
CVE-2024-0347
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initi...
Engineers Online Portal Project Engineers Online Portal 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »