Code-Projects Content Management System Publish News Page Unrestricted File Upload Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Code-Projects Content Management System version 1.0. The issue resides in the Publish News Page component, specifically within the file '/admin/publishnews.php'. The vulnerability can be exploited remotely by manipulating the 'image' argument to upload arbitrary files.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to upload malicious scripts or executables that could be executed on the server, potentially leading to a compromise of the server or application.

Reproduction

To reproduce this vulnerability, an authenticated user can navigate to the Publish News Page and select a PHP file, such as 'shell.php', to upload. Intercepting the request and changing the 'content-type' header to a valid image type, like 'image/jpeg', will bypass file type restrictions. Once uploaded, the PHP file will be accessible via the '/allpostpics/' directory, where it can be executed, leading to remote code execution.