CampCodes Project Management System Unrestricted File Upload Vulnerability Allowing Remote Code Execution

A critical vulnerability exists in CampCodes Project Management System version 1.0, specifically within the file '/forms/update_forms.php?action=change_pic2&id=4'. This vulnerability allows for unrestricted file uploads by manipulating the 'file' argument, enabling the upload of malicious PHP scripts. The issue can be exploited remotely, leading to arbitrary code execution on the server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where the application is hosted.

Reproduction

To reproduce this vulnerability, send a POST request to '/construction_pms/forms/update_forms.php' with the 'action' parameter set to 'change_pic2' and the 'id' parameter set to '4'. Include a file in the request that contains a malicious PHP script. The uploaded file will be saved in the '../images/' directory, and the script can be executed by accessing the uploaded file.