Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Engineers_online_portal
(Engineers_online_portal_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-05 | CVE-2021-42664 | A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. | Engineers_online_portal | 5.4 | ||
| 2021-11-05 | CVE-2021-42665 | An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. | Engineers_online_portal | 9.8 | ||
| 2021-11-05 | CVE-2021-42666 | A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | Engineers_online_portal | 8.8 |