Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-42671

Published: 05/11/2021 Updated: 12/07/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Engineers Online Portal

Vulnerability Summary

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

engineers online portal project engineers online portal -

Vendor Advisories

Check Point Security Alerts: Engineers Online Portal Improper Access Control (CVE-2021-42671)
Check Point Reference: CPAI-2021-2119 Date Published: 28 Feb 2024 Severity: High ...

Github Repositories

https://github.com/0xDeku/CVE-2021-42671

CVE-2021-42671 - Broken access control vulnerability in the Engineers online portal system.

CVE-2021-42671 CVE-2021-42671 - Broken access control vulnerability in the Engineers online portal system Technical description: A broken access control vulnerability exists in the Engineers Online Portal An attacker can leverage this vulnerability in order to bypass access controls and get his hands on all the files uploaded to the web server without the need of authenticati

https://github.com/TheHackingRabbi/CVE-2021-42671

CVE-2021-42671 - Broken access control vulnerability in the Engineers online portal system.

CVE-2021-42671 CVE-2021-42671 - Broken access control vulnerability in the Engineers online portal system Technical description: A broken access control vulnerability exists in the Engineers Online Portal An attacker can leverage this vulnerability in order to bypass access controls and get his hands on all the files uploaded to the web server without the need of authenticati

References

CWE-425https://github.com/TheHackingRabbi/CVE-2021-42671https://www.sourcecodester.com/php/13115/engineers-online-portal-php.htmlhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671https://nvd.nist.govhttps://github.com/0xDeku/CVE-2021-42671https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2021-2119.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook