SourceCodester Online Student File Management System Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in SourceCodester Online Student File Management System version 1.0. This issue arises in the file '/save_file.php', where the application fails to properly sanitize or filter uploaded files. As a result, attackers can upload potentially dangerous files that may be executed within the application's environment, leading to remote code execution.

Impact

Exploitation of this vulnerability allows arbitrary file upload: an attacker can place a malicious file on the server and, if it is reachable and executed by the application's environment, achieve remote code execution.

Reproduction

To reproduce this vulnerability, upload a file through the '/save_file.php' endpoint. The application does not validate or sanitize the uploaded file, allowing for the upload of files with dangerous extensions. Once the file is uploaded, it can be accessed through the application, demonstrating the successful exploitation of the vulnerability.
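For contrast with the behaviour described above, here is an added example of a hardened upload handler (not the project's save_file.php) applying the controls the advisory says are missing: an extension allowlist, a content sniff that ignores the client-supplied type, a size limit, a server-chosen random filename, and storage outside the web root. The field name "file", the storage directory and the allowlist are assumptions.

```php
<?php
// Added example, not the project's code. The field name "file", the storage
// directory and the extension allowlist are assumptions.
declare(strict_types=1);
const UPLOAD_DIR = __DIR__ . '/../uploads_private'; // assumed to exist, outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;
const ALLOWED    = [ // extension => MIME type the file content must actually have
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'txt' => 'text/plain',
];

// Validate one entry of $_FILES and return a safe, random storage name;
// throws on any policy violation so the caller never stores the file.
function validateUpload(array $f): string
{
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($f['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Only the final extension, lower-cased, is consulted; it must be on the allowlist.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Never trust the client-supplied $f['type']; sniff the bytes on disk instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-chosen random name: the original filename never reaches the filesystem.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (!is_uploaded_file($_FILES['file']['tmp_name'] ?? '')) {
    http_response_code(400);
    exit('no file');
}
try {
    $name = validateUpload($_FILES['file']);
    if (!move_uploaded_file($_FILES['file']['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    echo 'stored as ' . htmlspecialchars($name);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage());
}
```

Because files land outside the document root under a random name, the web server never serves them directly; a separate download endpoint that checks authorisation and sends the bytes with a fixed Content-Type completes the design.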

Added: Sep 15, 2025, 11:06 PM
Updated: Sep 15, 2025, 11:06 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.