Description
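An SQL injection vulnerability exists in the login form of index.php in Sourcecodester Engineers Online Portal in PHP, which can allow an attacker to bypass authentication. The record below classifies the flaw as CWE-89, lists version 1.0 as affected, and scores it as reachable over the network with no privileges required (CVSS 3.1 base score 9.8). It names no fixed version, so the usual remedy for this class applies: build the login query with parameterized statements, and restrict access to the application until that is done.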
Affected Software
Related
{"id": "CVE-2021-42665", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-42665", "description": "An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.", "published": "2021-11-05T13:15:00", "modified": "2021-11-23T20:08:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42665", "reporter": "cve@mitre.org", "references": ["https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html", "https://github.com/TheHackingRabbi/CVE-2021-42665", "https://www.exploit-db.com/exploits/50452", "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42665"], "cvelist": ["CVE-2021-42665"], "immutableFields": [], "lastseen": "2022-03-23T19:34:27", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50452"]}, {"type": "githubexploit", "idList": 
["A7D43EA6-F69B-5054-B3C8-D264D307FF6D"]}], "rev": 4}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "githubexploit", "idList": ["A7D43EA6-F69B-5054-B3C8-D264D307FF6D"]}]}, "exploitation": null, "vulnersScore": 5.5}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:engineers_online_portal_project:engineers_online_portal:1.0"], "cpe23": ["cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "affectedSoftware": [{"cpeName": "engineers_online_portal_project:engineers_online_portal", "version": "1.0", "operator": "eq", "name": "engineers online portal project engineers online portal"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html", "name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html", "refsource": "MISC", "tags": ["Product", "Third Party Advisory"]}, {"url": "https://github.com/TheHackingRabbi/CVE-2021-42665", "name": "https://github.com/TheHackingRabbi/CVE-2021-42665", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50452", "name": "https://www.exploit-db.com/exploits/50452", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42665", "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42665", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}
{"githubexploit": [{"lastseen": "2022-03-24T23:29:32", "description": "# CVE-2021-42665\nCVE-2021-42665 - SQL Injection authentication b...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T19:58:58", "type": "githubexploit", "title": "Exploit for SQL Injection in Engineers Online Portal Project Engineers Online Portal", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42665"], "modified": "2021-11-06T17:44:14", "id": "59920733-8918-5DB9-AEDE-E646E0E98378", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-03-24T19:08:14", "description": "# CVE-2021-42665\nCVE-2021-42665 - SQL Injection authentication b...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 
5.9}, "published": "2021-11-03T19:58:58", "type": "githubexploit", "title": "Exploit for SQL Injection in Engineers Online Portal Project Engineers Online Portal", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42665"], "modified": "2021-11-06T17:44:14", "id": "A7D43EA6-F69B-5054-B3C8-D264D307FF6D", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}]}