Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2021-42580

Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated

Description

Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

CVE-2021-42580

Vendor

Description:

Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php).
After exploiting the admin account by using SQL-malicious payload the attacker can take a PHPSESSID by using XSS-Stored attack and can take control again and again and again. So awful…

Reproduce:

href

Proof:

href

General Information

Technical Analysis