Filtered by vendor Engineers Online Portal Project
Subscribe
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42669 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id. | |||||
CVE-2021-42665 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. | |||||
CVE-2021-42664 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. |