SourceCodester Pet Grooming Management Software Unrestricted File Upload Vulnerability
Vulnerability
A vulnerability allowing unrestricted file uploads has been identified in SourceCodester Pet Grooming Management Software version 1.0. The issue resides in the file '/admin/operation/user.php', where insufficient validation of the 'website_image' argument enables attackers to upload arbitrary files. This vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to upload malicious files that are executed on the server, potentially leading to a compromise of server privileges.
Reproduction
To reproduce this vulnerability, log into the application and navigate to the 'user.php' file in the 'admin/operation' directory. Once there, upload a file through the 'website_image' parameter, ensuring it is a PHP file or another type that can be executed on the server. After the upload, the file can be accessed and executed, demonstrating the vulnerability.
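As an added example that is not part of this advisory or of the SourceCodester project's code, the following PHP handler shows the validation a 'website_image' upload path needs in order to close this class of bug; the field name, the destination directory and the size cap are assumptions.

```php
<?php
// Hardened image-upload handler (added example, not the project's code).
// Assumes a form field named 'website_image' and an upload directory that the
// web server does not serve or execute from; adjust UPLOAD_DIR for your deployment.
const UPLOAD_DIR   = '/var/www/private_uploads';   // outside the web root
const MAX_BYTES    = 2 * 1024 * 1024;             // 2 MiB cap (assumed limit)
const ALLOWED_MIME = [                            // detected type => extension to store with
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];
function save_website_image(array $file): string
{
    // 1. Reject anything PHP itself flagged as broken, then enforce a size cap.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // 2. Only trust a file that actually came through the upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // 3. Decide the type from content, never from the client-supplied name or $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_MIME[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // 4. Server-chosen random name and extension; the client's filename is discarded entirely.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$mime];
    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // readable, never executable
    return $name;       // record this name; serve the file through a read-only handler
}

// Usage inside the request handler:
if (isset($_FILES['website_image'])) {
    try {
        $stored = save_website_image($_FILES['website_image']);
        echo 'stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Keeping the upload directory outside the web root (or with script execution disabled for it) is the second layer: even a file that slips past the content checks cannot be run by the server.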
