CVE-2021-42671
published 2021-11-05

Priority: P260 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 19.68% (97.1th percentile)

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.

Detection & IOCs

path: /nia_munoz_monitoring_system/admin/uploads
snort
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible Engineers Online Portal System Access Control Bypass (CVE-2021-42671)"; flow:established,to_server; http.uri; content:"/nia_munoz_monitoring_system/admin/uploads"; fast_pattern; reference:cve,2021-42671; classtype:attempted-admin; sid:2034454; rev:1; metadata:attack_target Server, created_at 2021_11_13, cve CVE_2021_42671, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2021_11_13, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
  • Monitor HTTP requests targeting the unauthenticated uploads directory path '/nia_munoz_monitoring_system/admin/uploads' — any inbound GET/POST to this URI without a valid session indicates exploitation of the access control bypass.
  • The ET rule (SID 2034454) triggers on established HTTP flows to_server where the URI contains '/nia_munoz_monitoring_system/admin/uploads'; deploy at both Perimeter and Internal chokepoints for full coverage.
  • The ET rule targets $HOME_NET and $HTTP_SERVERS; ensure these variables are correctly scoped to include all hosts running the Engineers Online Portal to avoid missed detections.
  • The vulnerability exists specifically in the PHP application 'nia_munoz_monitoring_system'; the path is case-sensitive and web-server-dependent, so validate path casing in your environment before relying solely on the Snort content match.
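
An added example (not part of the rule set or of the sources this page draws on): a Python pass over web server access logs that finds requests reaching the uploads path after normalizing case and path segments, which covers the casing caveat above, since the rule's content match carries no nocase modifier. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path taken from the advisory; everything else below is an assumption.
VULN_PATH = "/nia_munoz_monitoring_system/admin/uploads"

# Assumed input: Apache/nginx "combined" access log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Reduce a request target to a canonical lowercase path for matching."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path).replace("\\", "/")
    path = re.sub(r"/+", "/", path)          # collapse repeated slashes
    return posixpath.normpath(path or "/").lower()

def scan(lines):
    """Return (ip, method, status, raw_target) for requests to the uploads path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                          # not a combined-format line
        path = normalize(m["target"])
        if path == VULN_PATH or path.startswith(VULN_PATH + "/"):
            hits.append((m["ip"], m["method"], int(m["status"]), m["target"]))
    return hits

def served(hits):
    """Keep only hits answered with 2xx, i.e. the server returned content."""
    return [h for h in hits if 200 <= h[2] < 300]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Nov/2021:10:01:02 +0000] "GET /nia_munoz_monitoring_system/admin/uploads/ HTTP/1.1" 200 1532 "-" "curl/7.79.1"',
    '203.0.113.7 - - [13/Nov/2021:10:01:05 +0000] "GET /NIA_Munoz_Monitoring_System/Admin/Uploads/report.pdf HTTP/1.1" 200 88211 "-" "curl/7.79.1"',
    '198.51.100.4 - - [13/Nov/2021:10:02:11 +0000] "GET /nia_munoz_monitoring_system/admin/uploads HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Nov/2021:10:03:40 +0000] "GET /nia_munoz_monitoring_system/admin/uploads_old/a.txt HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Nov/2021:10:03:41 +0000] "GET /nia_munoz_monitoring_system/index.php HTTP/1.1" 200 4310 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, method, status, target in served(scan(SAMPLE_LOG)):
        print(f"{ip} {method} {status} {target}")
```

Hits with a 2xx status are the ones to triage first: they mean the server handed back a listing or a file, whereas a 403 on the same path suggests the directory is already restricted.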

CVSS provenance

nvd | v3.1 | 7.5 HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N