Описание
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06684
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-425
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
EPSS
Процентиль: 91%
0.06684
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-425