Filtered by vendor Engineers Online Portal Project
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42668 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2021-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability to achieve remote code execution on the remote web server. | |||||
| CVE-2021-42669 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2021-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar is uploaded, it is stored in the /admin/uploads/ directory and is accessible by all users. By uploading a PHP webshell containing "<?php system($_GET["cmd"]); ?>", the attacker can execute commands on the web server via /admin/uploads/php-webshell?cmd=id. | |||||
| CVE-2021-42665 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2021-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. | |||||
| CVE-2021-42670 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result, a malicious user can extract sensitive data from the web server and in some cases use this vulnerability to achieve remote code execution on the remote web server. | |||||
