Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

PHP Volunteer Management System Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in PHP Volunteer Management System version 1.0.2. This issue arises in the document upload feature, where authenticated users can upload files to the 'mods/documents/uploads/' directory without any restrictions on file type or extension. The uploads directory is publicly accessible and lacks execution controls, enabling attackers to upload malicious PHP payloads and execute them remotely. The application comes with default credentials, simplifying the exploitation process.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the application is hosted.

Reproduction

To reproduce this vulnerability, log into the application using the default credentials (admin:volunteer). Once authenticated, navigate to the document upload section and upload a PHP file disguised as a different file type. After the upload, the file can be accessed directly through the 'mods/documents/uploads/' directory, where it can be executed as a PHP script.
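Closing this class of issue means fixing both weaknesses named above: the missing server-side check on what is uploaded, and the executable, web-reachable uploads directory. The handler below is an added illustration, not code from PHP Volunteer Management System; the allowlist, the function name and the upload directory path are assumptions.

```php
<?php
// Hardened document upload handler (added example; assumptions: the
// extension allowlist below and that $uploadDir lives outside the web
// root or has script execution disabled by the web server).
const ALLOWED_TYPES = [
    'pdf'  => 'application/pdf',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'txt'  => 'text/plain',
];

// Validates one $_FILES entry and stores it under a random name.
// Returns the stored filename, or null with $error describing the rejection.
function store_document(array $file, string $uploadDir, ?string &$error = null): ?string
{
    $error = null;
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        $error = 'no valid upload';
        return null;
    }
    // Only the final extension matters, and only if it is on the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        $error = "extension '$ext' not allowed";
        return null;
    }
    // Sniff the real content; the client-supplied $file['type'] is untrusted.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        $error = "content type '$mime' does not match .$ext";
        return null;
    }
    // Never reuse the client filename: a random name carrying a single
    // allowlisted extension defeats double-extension and path tricks.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = rtrim($uploadDir, '/') . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        $error = 'could not store file';
        return null;
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $stored;
}
```

Pair the handler with a web-server rule that refuses to run scripts from the uploads directory (for Apache, `php_flag engine off` in an `.htaccess` placed there), and serve downloads through a script that sets `Content-Disposition: attachment` rather than linking to the directory directly.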

Added: Aug 13, 2025, 10:31 PM
Updated: Aug 13, 2025, 10:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.9
remediation: 0.0
relevance: 0.3
threat: 8.7
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.