{"vulnerability": "cve-2021-4266", "sightings": [{"uuid": "c7b4da82-bf15-4856-9434-acd8c1d0518c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42663", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/809", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system. \nURL\uff1ahttps://github.com/TheHackingRabbi/CVE-2021-42663", "creation_timestamp": "2021-11-05T10:55:18.000000Z"}, {"uuid": "24a589c2-cbe3-43b6-ab40-457901281024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4266", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11665", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-4266\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468.\n\ud83d\udccf Published: 2022-12-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T17:30:12.851Z\n\ud83d\udd17 References:\n1. https://github.com/siwapp/siwapp-ror/pull/365\n2. 
https://github.com/webdetails/cpf/releases/tag/9.5.0.0-81\n3. https://github.com/webdetails/cpf/commit/3bff900d228e8cae3af256b447c5d15bdb03c174\n4. https://vuldb.com/?id.216468", "creation_timestamp": "2025-04-14T17:54:27.000000Z"}, {"uuid": "3ce5267a-ae48-4dd2-a973-6f86dc0fb7c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42667", "type": "published-proof-of-concept", "source": "Telegram/VKRCSmLK6o2Wh_NRIyZXOMAUILFZpXQLq6xQgV_sCaQQeg", "content": "", "creation_timestamp": "2021-11-11T15:56:54.000000Z"}, {"uuid": "7f04b57e-e29e-4d47-945f-25db10dc4cf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42663", "type": "seen", "source": "https://t.me/cibsecurity/31877", "content": "\u203c CVE-2021-42663 \u203c\n\nAn HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:12.000000Z"}, {"uuid": "3618b9aa-05ac-45e4-8397-85fae6e294dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42667", "type": "seen", "source": "https://t.me/cibsecurity/31876", "content": "\u203c CVE-2021-42667 \u203c\n\nA SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. 
As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:11.000000Z"}, {"uuid": "1d6dc3ce-39b4-4f61-97ad-0631aa93b2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42666", "type": "seen", "source": "https://t.me/cibsecurity/31874", "content": "\u203c CVE-2021-42666 \u203c\n\nA SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:07.000000Z"}, {"uuid": "0c3e0f2f-25e2-4df7-ba48-632a7bccd554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42669", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/31873", "content": "\u203c CVE-2021-42669 \u203c\n\nA file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. 
By uploading a php webshell containing \"\" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:05.000000Z"}, {"uuid": "f7075ed2-c0c6-4d89-a6c8-822400433808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42662", "type": "seen", "source": "https://t.me/cibsecurity/31869", "content": "\u203c CVE-2021-42662 \u203c\n\nA Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T13:25:42.000000Z"}, {"uuid": "569e2326-cf8c-4cb4-b03f-c8df23161edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42665", "type": "seen", "source": "https://t.me/cibsecurity/31880", "content": "\u203c CVE-2021-42665 \u203c\n\nAn SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:17.000000Z"}, {"uuid": "fad27f15-1048-47bc-bd18-472855bfb24f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42668", "type": "seen", "source": "https://t.me/cibsecurity/31879", "content": "\u203c CVE-2021-42668 \u203c\n\nA SQL Injection vulnerability exists in Sourcecodester Engineers 
Online Portal in PHP via the id parameter in the my_classmates.php web page. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:16.000000Z"}, {"uuid": "8ca739c9-a760-46d4-bbfd-0b65faf17ffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42664", "type": "seen", "source": "https://t.me/cibsecurity/31878", "content": "\u203c CVE-2021-42664 \u203c\n\nA Stored Cross Site Scripting (XSS) Vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:14.000000Z"}, {"uuid": "a3392089-5ad7-4753-a6c3-260ab5301db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42663", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/400", "content": "The Engineers Online Portal System\n\n#CVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42662\n\n#CVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663\n\n#CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42664\n\n#CVE-2021-42665 - SQL Injection 
authentication bypass vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42665\n\n#CVE-2021-42666 - SQL Injection vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42666\n\n#CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42667", "creation_timestamp": "2021-11-06T19:08:05.000000Z"}, {"uuid": "ed6e36d7-0751-4606-8bea-768cd6344845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42665", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/400", "content": "The Engineers Online Portal System\n\n#CVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42662\n\n#CVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663\n\n#CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42664\n\n#CVE-2021-42665 - SQL Injection authentication bypass vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42665\n\n#CVE-2021-42666 - SQL Injection vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42666\n\n#CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42667", "creation_timestamp": "2021-11-06T19:08:05.000000Z"}, {"uuid": "93e385de-10df-4a2a-81bf-4169ecc314c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42662", "type": 
"published-proof-of-concept", "source": "https://t.me/hacker_trick/400", "content": "The Engineers Online Portal System\n\n#CVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42662\n\n#CVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663\n\n#CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42664\n\n#CVE-2021-42665 - SQL Injection authentication bypass vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42665\n\n#CVE-2021-42666 - SQL Injection vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42666\n\n#CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42667", "creation_timestamp": "2021-11-06T19:08:05.000000Z"}, {"uuid": "1e1b063b-fe0a-4291-a1bb-140c201bcc1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42664", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/400", "content": "The Engineers Online Portal System\n\n#CVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42662\n\n#CVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663\n\n#CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42664\n\n#CVE-2021-42665 - SQL Injection authentication bypass vulnerability in the Engineers online portal 
system\nhttps://github.com/TheHackingRabbi/CVE-2021-42665\n\n#CVE-2021-42666 - SQL Injection vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42666\n\n#CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42667", "creation_timestamp": "2021-11-06T19:08:05.000000Z"}, {"uuid": "7ee23ba5-4042-4a75-9cc3-6b50b926f329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42667", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/400", "content": "The Engineers Online Portal System\n\n#CVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42662\n\n#CVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663\n\n#CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42664\n\n#CVE-2021-42665 - SQL Injection authentication bypass vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42665\n\n#CVE-2021-42666 - SQL Injection vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42666\n\n#CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42667", "creation_timestamp": "2021-11-06T19:08:05.000000Z"}, {"uuid": "61cb2483-38d9-4eed-893a-e7f14b5e24f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42666", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/400", 
"content": "The Engineers Online Portal System\n\n#CVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42662\n\n#CVE-2021-42663 - HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663\n\n#CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42664\n\n#CVE-2021-42665 - SQL Injection authentication bypass vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42665\n\n#CVE-2021-42666 - SQL Injection vulnerability in the Engineers online portal system\nhttps://github.com/TheHackingRabbi/CVE-2021-42666\n\n#CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42667", "creation_timestamp": "2021-11-06T19:08:05.000000Z"}, {"uuid": "72af0d50-e0a1-44e0-b378-935238435a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42663", "type": "seen", "source": "https://t.me/hacker_trick/394", "content": "Some docker images to play with #CVE-2021-41773 and #CVE-2021-42013\nhttps://github.com/Hydragyrum/CVE-2021-41773-Playground\n\n#CVE-2021-42663 HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663", "creation_timestamp": "2021-11-05T12:22:44.000000Z"}, {"uuid": "cf703677-6ae2-4648-894d-fa035f99f457", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42662", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/800", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-42662 - Stored Cross-Site Scripting vulnerability in the Online event booking and reservation system. \nURL\uff1ahttps://github.com/TheHackingRabbi/CVE-2021-42662", "creation_timestamp": "2021-11-03T21:52:36.000000Z"}, {"uuid": "48f5af1a-c49a-4b14-9785-63d250cd384b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42669", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/816", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-42669 - Remote code execution via unrestricted file upload vulnerability in the Engineers online portal system.\nURL\uff1ahttps://github.com/TheHackingRabbi/CVE-2021-42669", "creation_timestamp": "2021-11-06T17:50:09.000000Z"}, {"uuid": "b93e0d15-3405-474a-954b-3d5e8a7a67c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-42665", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/815", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-42665 - SQL Injection authentication bypass vulnerability in the Engineers online portal system. 
\nURL\uff1ahttps://github.com/TheHackingRabbi/CVE-2021-42665", "creation_timestamp": "2021-11-06T17:45:48.000000Z"}, {"uuid": "3ee050b7-d3d0-4232-ad84-30006991ff4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4266", "type": "seen", "source": "https://t.me/cibsecurity/55078", "content": "\u203c CVE-2021-4266 \u203c\n\nA vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T22:13:09.000000Z"}]}