{"vulnerability": "CVE-2021-4267", "sightings": [{"uuid": "587709e1-e887-4321-a090-ed04f5ffaf8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4267", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11666", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-4267\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic was found in tad_discuss. Affected by this vulnerability is an unknown functionality. The manipulation of the argument DiscussTitle leads to cross site scripting. The attack can be launched remotely. The name of the patch is af94d034ff8db642d05fd8788179eab05f433958. It is recommended to apply a patch to fix this issue. The identifier VDB-216469 was assigned to this vulnerability.\n\ud83d\udccf Published: 2022-12-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T17:29:58.939Z\n\ud83d\udd17 References:\n1. https://github.com/tad0616/tad_discuss/pull/19\n2. https://github.com/tad0616/tad_discuss/commit/af94d034ff8db642d05fd8788179eab05f433958\n3. https://vuldb.com/?id.216469", "creation_timestamp": "2025-04-14T17:54:31.000000Z"}, {"uuid": "0b1750c3-0d6b-4377-87c1-a4e839a34b13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42671", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/817", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-42671 - Broken access control vulnerability in the Engineers online portal system. \nURL\uff1ahttps://github.com/TheHackingRabbi/CVE-2021-42671", "creation_timestamp": "2021-11-06T17:54:28.000000Z"}, {"uuid": "8f3751e3-a537-4253-a53e-0b9f2f37e7c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42671", "type": "seen", "source": "https://t.me/cibsecurity/31875", "content": "\u203c CVE-2021-42671 \u203c\n\nAn incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:08.000000Z"}, {"uuid": "a5a534f1-fdb7-4edc-a45e-479258bc2125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42670", "type": "seen", "source": "https://t.me/cibsecurity/31881", "content": "\u203c CVE-2021-42670 \u203c\n\nA SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-05T15:27:19.000000Z"}]}