CVE-2021-42580
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
15/11/2021
Last modified:
18/12/2024
Description
Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oretnom23:online_learning_system:2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/164985/Online-Learning-System-2.0-Remote-Code-Execution.html
- https://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-bypass-file-upload-unauthenticated-RCE
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-07
- https://www.nu11secur1ty.com/2021/09/cve-nu11-07-elearning-v2by-oretnom23-is.html
- https://www.nu11secur1ty.com/2021/11/cve-2021-42580.html
- http://packetstormsecurity.com/files/164985/Online-Learning-System-2.0-Remote-Code-Execution.html
- https://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-bypass-file-upload-unauthenticated-RCE
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-07
- https://www.nu11secur1ty.com/2021/09/cve-nu11-07-elearning-v2by-oretnom23-is.html
- https://www.nu11secur1ty.com/2021/11/cve-2021-42580.html