WEBIGniter File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A file upload vulnerability has been identified in WEBIGniter version 28.7.23. It allows authenticated attackers to upload and execute malicious PHP files through the media function. Any account, once created, can be used to upload these harmful scripts, which then enable remote code execution on the application server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where WEBIGniter is hosted.

Reproduction

To reproduce this vulnerability, an authenticated user must upload a PHP file through the media function. Once the file is uploaded, it can be executed on the server, leading to remote code execution.
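
A defender-side check for the condition described above, as an added example that is not part of the original advisory or of WEBIGniter's code: it audits a media upload directory for stored files that a PHP-enabled web server could execute. The extension list, the override file names and the function names are assumptions, and the directory is passed as an argument because the advisory does not state where media files are stored.

```python
import os
import re
import sys

# Assumption: suffixes commonly mapped to the PHP handler; match this to the server config.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Files that can change how a directory's content is handled (Apache / PHP-FPM).
OVERRIDE_FILES = {".htaccess", ".user.ini"}
PHP_OPEN_TAG = re.compile(rb"<\?php", re.IGNORECASE)
SCAN_BYTES = 1024 * 1024  # inspect at most the first 1 MiB of each file


def classify_upload(name, data):
    """Return the reasons a stored upload looks executable (empty list = nothing found)."""
    reasons = []
    lowered = name.lower()
    suffixes = lowered.split(".")[1:]  # every dot-separated suffix, e.g. ["php", "jpg"]
    if suffixes and suffixes[-1] in PHP_EXTENSIONS:
        reasons.append("php-extension")
    elif any(s in PHP_EXTENSIONS for s in suffixes):
        # "x.php.jpg" or "x.php." can still reach the PHP handler on some configurations
        reasons.append("php-inner-extension")
    if lowered in OVERRIDE_FILES:
        reasons.append("handler-override-file")
    if PHP_OPEN_TAG.search(data):
        reasons.append("php-open-tag")
    return reasons


def audit_directory(root):
    """Walk root and return sorted (relative_path, reasons) for every flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(SCAN_BYTES)
            except OSError:
                findings.append((os.path.relpath(path, root), ["unreadable"]))
                continue
            reasons = classify_upload(name, data)
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_uploads.py /path/to/media/directory
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reasons in audit_directory(target):
        print(f"{rel}: {', '.join(reasons)}")
```

A finding is a lead to review, not proof of compromise: a clean result only covers the first 1 MiB of each file and the suffixes listed.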

Added: Dec 15, 2025, 9:30 PM
Updated: Dec 15, 2025, 9:30 PM