CVE-2021-42671

CVSS base score: 7.5 HIGH

📋 TL;DR

CVE-2021-42671 is an incorrect access control vulnerability in Sourcecodester Engineers Online Portal, a PHP web application. The nia_munoz_monitoring_system/admin/uploads directory is served directly by the web server with no authentication check, so anyone who can reach the site can download every uploaded file by URL (and list the directory if indexes are enabled) without an account. Organizations running the application risk exposing whatever documents its users have uploaded.

💻 Affected Systems

Products:
  • Sourcecodester Engineers Online Portal
Versions: All published versions; no fixed release has been identified
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the nia_munoz_monitoring_system/admin/uploads directory specifically. Requires the vulnerable upload functionality to be present and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case
Complete exposure of all uploaded files including sensitive documents, credentials, or proprietary information leading to data breach and regulatory violations.

🟠 Likely Case
Unauthorized access to uploaded files containing user data, configuration files, or other sensitive information that could be used for further attacks.

🟢 If Mitigated
No unauthorized file access; proper authentication and authorization controls prevent exploitation.

🌐 Internet-Facing: HIGH - The vulnerability allows unauthenticated access, making internet-facing instances particularly vulnerable to automated scanning and exploitation.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but may have additional network-level protections reducing exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation needs nothing more than HTTP access to the uploads path: a plain GET request, no credentials and no user interaction. Multiple public proof-of-concept scripts exist demonstrating the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None identified

Vendor Page (the project's download page on Sourcecodester, not a dedicated security advisory): https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html

Restart Required: No

Instructions:

No official patch is available. Prefer removing the application. If it must stay in service, stop the web server from serving the uploads directory directly: deny access to it in the server configuration and hand files out only through a PHP script that checks the admin session before reading them. A directory-level password is an acceptable stopgap (see the workarounds below) but does not fix the application itself.

🔧 Temporary Workarounds

Implement .htaccess Authentication

linux

Add an Apache Basic-auth requirement to the uploads directory and switch off directory indexes so the file list itself is not served. This needs AllowOverride AuthConfig Options for that directory in the server configuration, and should only be used over HTTPS (Basic auth sends credentials base64-encoded, not encrypted). Users who follow the portal's own links to uploaded files will also be prompted, so hand out credentials only to the admins who need the files.

# Create .htaccess in nia_munoz_monitoring_system/admin/uploads/
# Requires "AllowOverride AuthConfig Options" for this directory in httpd.conf
Options -Indexes
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
# Create the password file once, outside the web root:
#   htpasswd -c /path/to/.htpasswd admin

Restrict Directory Access

all

Move the uploads directory outside the web root so the web server cannot serve its contents by URL at all. After the move the application can no longer link to the files directly: its upload code must write to the new path, and downloads must go through a PHP script that checks the admin session before reading the file back. Do this in a maintenance window, because uploads and downloads stay broken until the application is updated.

# Move uploads directory outside web root (document root assumed to be /var/www/html)
mv /var/www/html/nia_munoz_monitoring_system/admin/uploads /secure/path/
# Let only the web server account read and write it (www-data on Debian/Ubuntu)
chown -R www-data:www-data /secure/path/uploads && chmod 700 /secure/path/uploads
# Update the application's upload and download code to use /secure/path/uploads
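Both the official-fix instructions and the move-outside-web-root workaround come down to the same thing: files are handed out only by code that checks the session first. The handler below is an added example of such a script, not code from Engineers Online Portal or Sourcecodester. It assumes the files now live in /secure/path/uploads (the destination of the mv above) and that the portal's login stores an identifier in $_SESSION['admin_id'], a hypothetical key to replace with whatever the application actually sets.

```php
<?php
// download.php: serve an uploaded file only to a logged-in admin, from a
// directory the web server cannot reach by URL. Added example; not code from
// Engineers Online Portal. Assumptions (hypothetical, adjust to the app):
//   - uploads were moved to /secure/path/uploads (destination of the mv above)
//   - the portal's login stores an identifier in $_SESSION['admin_id']
declare(strict_types=1);

const UPLOAD_DIR = '/secure/path/uploads';

// Resolve a user-supplied file name to an absolute path inside $baseDir, or
// return null. Rejects anything with a path component, hidden files, NUL
// bytes, and symlinks that resolve outside the directory.
function resolve_upload_path(string $name, string $baseDir): ?string
{
    if ($name === '' || strpos($name, "\0") !== false
        || $name !== basename($name) || $name[0] === '.') {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Prefix check with the separator appended, so /secure/path/uploads-old
    // does not pass for /secure/path/uploads.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function deny(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $message;
    exit;
}

session_start();

// 1. The original flaw: the web server handed out the directory with no check.
//    Every request must carry an authenticated session before anything is read.
if (empty($_SESSION['admin_id'])) {
    deny(401, 'Login required');
}

// 2. Validate the requested name and resolve it inside the upload directory.
$requested = $_GET['file'] ?? '';
$path = resolve_upload_path(is_string($requested) ? $requested : '', UPLOAD_DIR);
if ($path === null) {
    deny(404, 'Not found');
}

// 3. Send it as an attachment with a fixed MIME type: an uploaded .html or .svg
//    must never render as a page inside the portal's origin.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: private, no-store');
readfile($path);
```

The application's links to uploads then point at download.php?file=<name> instead of the directory. The realpath prefix check rejects ../ sequences and symlinks that escape the directory, and serving every file as application/octet-stream with nosniff keeps an uploaded HTML or SVG file from executing script in the portal's origin, which a direct-serve directory would happily do.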

🧯 If You Can't Patch

  • Add a WAF or reverse-proxy rule that denies requests for /nia_munoz_monitoring_system/admin/uploads/ except from the addresses that legitimately need the files; matching on the path alone is enough, since the vulnerable requests carry no credentials to inspect
  • Restrict network access to the application to trusted networks or a VPN, and review access logs for earlier retrievals if the host has been reachable from the internet

🔍 How to Verify

Check if Vulnerable:

Request http://[target]/nia_munoz_monitoring_system/admin/uploads/ without logging in (a private browser window or curl). A 200 response with an "Index of" listing means the directory is enumerable; if indexes are off, request the URL of any known uploaded file by name. If either returns the content with a 200 rather than a login redirect, 401 or 403, the system is vulnerable.

Check Version:

Check application files for version information or consult vendor documentation. No standard version command available.

Verify Fix Applied:

Repeat the same requests after applying the controls: the directory URL should return 401 (Basic auth) or 403/404, and a direct file URL should no longer return the file without a valid admin session.

📡 Detection & Monitoring

Log Indicators:

  • Many 200/304 responses for distinct files under /nia_munoz_monitoring_system/admin/uploads/ from one client in a short window, with no Referer from the portal (a scanner or wordlist run rather than a user clicking links)
  • A 200 response for the bare directory path /admin/uploads/ (directory index served), followed by fetches of the files it listed
  • Caveat: standard access logs do not record application logins, and the remote-user field is "-" on every request unless HTTP Basic auth is in place, so "unauthenticated" cannot be read from that field alone; correlate with the application's own login events where they exist

Network Indicators:

  • HTTP GET requests for /nia_munoz_monitoring_system/admin/uploads/ paths from a client that never submitted the portal's login form

SIEM Query:

Splunk-style; adjust field names to your web-log parser. It flags any source that retrieved the directory listing or pulled more than ten distinct files from the uploads path.

source="web_logs" uri="*/admin/uploads/*" status IN (200, 304)
| stats count AS requests, dc(uri) AS distinct_files, sum(eval(if(like(uri, "%/admin/uploads/"), 1, 0))) AS listing_hits BY src_ip
| where listing_hits > 0 OR distinct_files > 10
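The same detection logic as a stand-alone script for hosts without a SIEM, as an added example that is not part of this page or the portal. It parses combined-format access-log lines (the lines at the bottom are constructed samples), and flags a client that either retrieved the directory listing or fetched several distinct upload files without a Referer from the portal's own host; portal.example is an assumed host name and the file threshold is an assumption to tune against real traffic.

```php
<?php
// uploads_scan.php: find clients enumerating the uploads directory in an
// Apache/Nginx combined-format access log. Added example, not part of the
// page or the portal; the log lines at the bottom are constructed samples.
declare(strict_types=1);

const UPLOADS_PATH = '/nia_munoz_monitoring_system/admin/uploads/';
const NOREF_FILE_THRESHOLD = 3;   // assumption: tune to the portal's real traffic

// Combined log format:
// ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
const LINE_RE = '/^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

function parse_line(string $line): ?array
{
    if (!preg_match(LINE_RE, $line, $m)) {
        return null;   // skip lines in another format rather than guessing
    }
    return [
        'ip' => $m[1], 'user' => $m[2], 'method' => $m[3], 'path' => $m[4],
        'status' => (int) $m[5], 'referer' => $m[6],
    ];
}

// Returns [ip => [reason, ...]] for clients that read uploads without going
// through the application. $appHost is the portal's own host name.
function find_enumeration(array $lines, string $appHost): array
{
    $perIp = [];
    foreach ($lines as $line) {
        $r = parse_line($line);
        if ($r === null || !in_array($r['status'], [200, 304], true)) {
            continue;
        }
        $path = explode('?', $r['path'], 2)[0];          // drop any query string
        if (strpos($path, UPLOADS_PATH) !== 0) {
            continue;
        }
        $ip = $r['ip'];
        $perIp[$ip] ??= ['listing' => false, 'noref' => []];
        if ($path === UPLOADS_PATH) {
            $perIp[$ip]['listing'] = true;               // directory index served
            continue;
        }
        // A browser following the portal's links sends the portal as Referer;
        // a scanner or a pasted URL usually sends none or a foreign one.
        if ($r['referer'] === '-' || parse_url($r['referer'], PHP_URL_HOST) !== $appHost) {
            $perIp[$ip]['noref'][$path] = true;          // keyed by path: distinct files
        }
    }

    $hits = [];
    foreach ($perIp as $ip => $s) {
        $reasons = [];
        if ($s['listing']) {
            $reasons[] = 'retrieved the directory listing';
        }
        $n = count($s['noref']);
        if ($n >= NOREF_FILE_THRESHOLD) {
            $reasons[] = "fetched $n distinct files without a portal Referer";
        }
        if ($reasons !== []) {
            $hits[$ip] = $reasons;
        }
    }
    return $hits;
}

// Constructed sample lines: one scanner walking the listing, one real user
// following a link from the portal's admin pages.
$sample = [
    '203.0.113.7 - - [12/Oct/2021:10:01:02 +0000] "GET /nia_munoz_monitoring_system/admin/uploads/ HTTP/1.1" 200 2310 "-" "curl/7.68.0"',
    '203.0.113.7 - - [12/Oct/2021:10:01:05 +0000] "GET /nia_munoz_monitoring_system/admin/uploads/report1.pdf HTTP/1.1" 200 51200 "-" "curl/7.68.0"',
    '203.0.113.7 - - [12/Oct/2021:10:01:06 +0000] "GET /nia_munoz_monitoring_system/admin/uploads/report2.pdf HTTP/1.1" 200 48100 "-" "curl/7.68.0"',
    '203.0.113.7 - - [12/Oct/2021:10:01:07 +0000] "GET /nia_munoz_monitoring_system/admin/uploads/ids.xlsx HTTP/1.1" 200 9930 "-" "curl/7.68.0"',
    '198.51.100.4 - - [12/Oct/2021:10:05:41 +0000] "GET /nia_munoz_monitoring_system/admin/uploads/report1.pdf HTTP/1.1" 200 51200 "http://portal.example/nia_munoz_monitoring_system/admin/" "Mozilla/5.0"',
];

foreach (find_enumeration($sample, 'portal.example') as $ip => $reasons) {
    echo $ip, ': ', implode('; ', $reasons), PHP_EOL;
}
```

Run it as php uploads_scan.php, or replace $sample with file('/var/log/apache2/access.log', FILE_IGNORE_NEW_LINES) to scan a real log. On the samples only the curl client is reported, for both reasons; the browser that reached a file through the portal's own page is not. The Referer test is a heuristic, not an authentication check: a client can forge the header, so treat a hit as a lead to correlate with the application's login records rather than as proof on its own.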
