Published: 15/11/2021 Updated: 26/11/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 670

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Online Learning System Project

Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
online learning system project online learning system 2.0

Online Learning System version 20 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities ...

CWE-89 https://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-bypass-file-upload-unauthenticated-RCE http://packetstormsecurity.com/files/164985/Online-Learning-System-2.0-Remote-Code-Execution.html https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-07 https://www.nu11secur1ty.com/2021/09/cve-nu11-07-elearning-v2by-oretnom23-is.html https://www.nu11secur1ty.com/2021/11/cve-2021-42580.html https://nvd.nist.gov https://packetstormsecurity.com/files/164985/Online-Learning-System-2.0-Remote-Code-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-42580

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect