CVE-2021-42580
CVE-2021-42580
Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/164985/Online-Learning-System-2.0-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50526unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/164985/Online-Learning-System-2.0-Remote-Code-Execution.htmlhttps://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-bypass-file-upload-unauthenticated-RCEhttps://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-07https://www.nu11secur1ty.com/2021/09/cve-nu11-07-elearning-v2by-oretnom23-is.htmlhttps://www.nu11secur1ty.com/2021/11/cve-2021-42580.html