Victor CMS File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A file upload vulnerability allowing authenticated users to upload malicious PHP files has been identified in Victor CMS version 1.0. This issue arises from the profile image upload feature, where uploaded files are stored in the '/img' directory. Once a PHP shell is uploaded, it can be accessed via a web browser to execute system commands.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Victor CMS is hosted.

Reproduction

To reproduce this vulnerability, register an account on the Victor CMS site and log in as a user. Navigate to the profile page and upload a PHP file disguised as an image through the profile image upload feature. After uploading, update the user profile. The uploaded PHP shell can then be accessed from the 'img' directory, allowing execution of system commands via the web browser.
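A hardened version of the kind of upload handling described above, as an added example that is not Victor CMS's own code. The function name `store_profile_image`, the `ALLOWED_TYPES` table and the size limit are assumptions chosen for illustration.

```php
<?php
// Added example (hypothetical names): accept a profile image only if its
// content is an allow-listed image type, and never keep the client's file name.

const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_profile_image(array $file, string $destDir, int $maxBytes = 2097152): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'] ?? '';
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('not an HTTP upload');
    }
    if (filesize($tmp) > $maxBytes) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the bytes on disk. The client-supplied name and
    // $file['type'] are attacker-controlled and are ignored entirely.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // The content must also parse as an image of that same type.
    $info = getimagesize($tmp);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('not a valid image');
    }

    // Server-chosen random name with an extension taken from the allow-list,
    // so a ".php" suffix supplied by the user can never reach the directory.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($tmp, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

Content checks alone do not remove the risk if the web server still passes files in the upload directory to the PHP interpreter, so script execution should also be disabled for that directory or uploads stored outside the web root.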

Added: Jan 27, 2026, 4:52 PM
Updated: Jan 27, 2026, 4:52 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 6.4
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.