Engineers Online Portal Security Vulnerabilities and Issues — Engineers Online Portal CVE List

Lucene search

Engineers Online Portal ProjectEngineers Online Portal

8 matches found

CVE•added 2021/11/05 1:15 p.m.•61 views

CVE-2021-42664

A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, wh...

5.4CVSS5.2AI score0.01891EPSS

CVE•added 2021/11/05 1:15 p.m.•59 views

CVE-2021-42668

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution...

9.8CVSS9.9AI score0.21401EPSS

CVE•added 2021/12/20 8:15 p.m.•51 views

CVE-2021-43437

In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This ...

8.8CVSS8.5AI score0.00444EPSS

CVE•added 2021/11/05 1:15 p.m.•50 views

CVE-2021-42666

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote...

8.8CVSS9.2AI score0.26817EPSS

CVE•added 2021/11/05 1:15 p.m.•49 views

CVE-2021-42669

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By upload...

10CVSS9.6AI score0.44223EPSS

CVE•added 2021/11/05 1:15 p.m.•47 views

CVE-2021-42670

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code ex...

9.8CVSS9.8AI score0.58031EPSS

CVE•added 2021/11/05 1:15 p.m.•44 views

CVE-2021-42665

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.

9.8CVSS9.9AI score0.05414EPSS

CVE•added 2021/11/05 1:15 p.m.•36 views

CVE-2021-42671

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of auth...

7.5CVSS7.7AI score0.06684EPSS