CVE-2021-42671
Published: 2021-11-05
Priority: P2 · 60 · high
CVSS 3.1: 7.5
EPSS: 19.68% (97.1th percentile)
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
Detection & IOCs (extracted from sources)
Snort rule:
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible Engineers Online Portal System Access Control Bypass (CVE-2021-42671)"; flow:established,to_server; http.uri; content:"/nia_munoz_monitoring_system/admin/uploads"; fast_pattern; reference:cve,2021-42671; classtype:attempted-admin; sid:2034454; rev:1; metadata:attack_target Server, created_at 2021_11_13, cve CVE_2021_42671, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2021_11_13, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
- Monitor HTTP requests targeting the unauthenticated uploads directory path '/nia_munoz_monitoring_system/admin/uploads'; any inbound GET/POST to this URI without a valid session indicates exploitation of the access control bypass.
- The ET rule (SID 2034454) triggers on established HTTP flows to_server where the URI contains '/nia_munoz_monitoring_system/admin/uploads'; deploy it at both Perimeter and Internal chokepoints for full coverage.
- The ET rule targets $HOME_NET and $HTTP_SERVERS; ensure these variables are correctly scoped to include all hosts running the Engineers Online Portal to avoid missed detections.
- The vulnerability exists specifically in the PHP application 'nia_munoz_monitoring_system'; the path is case-sensitive and web-server-dependent, so validate path casing in your environment before relying solely on the Snort content match.
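The detection logic above can also be run retrospectively over web-server access logs. The following is an added example, not code from the page or from the portal project: it applies the same URI substring match the ET rule uses to constructed Apache/Nginx combined-format log lines, and separately flags case-variant hits so the casing caveat can be reviewed rather than silently missed.

```python
import re
from dataclasses import dataclass

# Path from the ET rule's content match (SID 2034454).
UPLOADS_PATH = "/nia_munoz_monitoring_system/admin/uploads"

# Constructed sample access-log lines (combined log format); not taken from the page.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Nov/2021:10:02:11 +0000] "GET /nia_munoz_monitoring_system/admin/uploads/ HTTP/1.1" 200 4310 "-" "curl/7.79.1"
203.0.113.7 - - [13/Nov/2021:10:02:13 +0000] "GET /nia_munoz_monitoring_system/admin/uploads/report.pdf HTTP/1.1" 200 18820 "-" "curl/7.79.1"
198.51.100.4 - - [13/Nov/2021:10:05:40 +0000] "GET /nia_munoz_monitoring_system/index.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Nov/2021:10:07:02 +0000] "GET /NIA_MUNOZ_MONITORING_SYSTEM/Admin/Uploads/ HTTP/1.1" 200 4310 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request URI, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)


@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    uri: str
    status: int
    exact: bool  # True: same match the Snort content keyword makes; False: case-variant only


def scan(log_text: str) -> list:
    """Return one Hit per request whose URI contains the uploads path.

    A 200 status on a hit means the server actually served the directory or
    file; correlate with session data where available, since the rule itself
    cannot see whether the client was authenticated."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than guess
        uri = m["uri"]
        if UPLOADS_PATH in uri:
            exact = True
        elif UPLOADS_PATH.lower() in uri.lower():
            exact = False  # would be missed by the case-sensitive content match
        else:
            continue
        hits.append(Hit(m["ip"], m["ts"], m["method"], uri, int(m["status"]), exact))
    return hits
```

Case-variant hits only matter if the web server resolves paths case-insensitively; on a case-sensitive server they are usually 404s and can be filtered by status.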
CVSS provenance
- NVD v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- NVD v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
Suricata
ET EXPLOIT Possible Engineers Online Portal System Access Control Bypass (CVE-2021-42671) [HIGH] · suricata · 2021-11-13 · CVSS 7.5 · SID 2034454 (same rule text as the Snort rule above)
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/TheHackingRabbi/CVE-2021-42671
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42671
- https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html