{"uuid": "0c3e0f2f-25e2-4df7-ba48-632a7bccd554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42669", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/31873", "content": "\u203c CVE-2021-42669 \u203c\n\nA file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing \"\" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:05.000000Z"}