Skip to content

Latest commit

 

History

History

CVE-2021-42671

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

Description:

An RCE vulnerability exists in Engineers Online Portal 1.0 when the malicious user creates an account with a malicious purpose. When the user is already with the account he can upload a malicious RCE exploit without any problem - no sanitizing. After uploading this RCE malicious file, he can navigate by using the directory traversal method, which is another problem of this system, then he can execute the malicious code. Conclusion: Status awful and critical.

Reproduce:

href

Proof and exploit:

href