{"vulnerability": "CVE-2021-42669", "sightings": [{"uuid": "0c3e0f2f-25e2-4df7-ba48-632a7bccd554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42669", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/31873", "content": "\u203c CVE-2021-42669 \u203c\n\nA file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing \"\" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:05.000000Z"}, {"uuid": "48f5af1a-c49a-4b14-9785-63d250cd384b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42669", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/816", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-42669 - Remote code execution via unrestricted file upload vulnerability in the Engineers online portal system.\nURL\uff1ahttps://github.com/TheHackingRabbi/CVE-2021-42669", "creation_timestamp": "2021-11-06T17:50:09.000000Z"}]}