itsourcecode Farm Management System Code Injection Vulnerability in add-pig.php
Vulnerability
A critical code injection vulnerability has been identified in the itsourcecode Farm Management System, specifically in version 1.0. The issue resides in the add-pig.php file, where the pigphoto parameter allows unrestricted file uploads. Because uploaded files are neither validated nor sanitized, an attacker can upload server-side code that could then be executed on the server.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server.
Reproduction
To reproduce this vulnerability, send a POST request to the add-pig.php file with the pigphoto parameter. Include a file named test.php that contains PHP code, such as a command to be executed on the server. The lack of file type restrictions and proper validation allows this malicious file to be uploaded successfully.
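The root cause is that the upload handler trusts the client-supplied filename and type. The following is an added example, not code from the Farm Management System, showing how the pigphoto upload can be handled so that a file such as test.php is rejected; the storage directory, the 2 MiB size limit and the GD and fileinfo extensions are assumptions.

```php
<?php
// Added example, not code from the Farm Management System: a hardened handler
// for the "pigphoto" upload named in the advisory. Assumed: the storage
// directory passed in, a 2 MiB size limit, and the GD and fileinfo extensions.
function storePigPhoto(array $file, string $storeDir): string
{
    // Only a completed upload that PHP itself placed in the temp directory.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the bytes, never from the client-supplied name or
    // Content-Type: a test.php sent under a .png name still fails here.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('only JPEG, PNG or GIF images are accepted');
    }

    // Decode and re-encode with GD: anything that is not pixel data (PHP code
    // appended after a valid image header) does not survive the round trip.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-chosen name and extension; the original filename is never used,
    // so neither "test.php" nor "../" from the client reaches the filesystem.
    $ext  = $allowed[$mime];
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storeDir, '/') . '/' . $name;
    $encoders = ['jpg' => 'imagejpeg', 'png' => 'imagepng', 'gif' => 'imagegif'];
    if (!$encoders[$ext]($img, $dest)) {
        throw new RuntimeException('could not store image');
    }
    return $name;
}
// How add-pig.php would call it (the uploads path is an assumption).
if (isset($_FILES['pigphoto'])) {
    try {
        $stored = storePigPhoto($_FILES['pigphoto'], __DIR__ . '/uploads/pigs');
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Upload rejected: ' . htmlspecialchars($e->getMessage()));
    }
}
```

Independently of the checks above, the directory that receives uploads should be served with script execution disabled (or kept outside the web root), so that even a file that slips through is returned as static content rather than run by PHP.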
