Projectworlds Online Tours and Travels Unrestricted File Upload Vulnerability
Vulnerability
A file upload vulnerability has been identified in Projectworlds Online Tours and Travels version 1.0, specifically in admin/change-image.php. The handler accepts the file submitted in the packageimage parameter without restricting its type or content, so an authenticated administrator can upload an arbitrary file, for example a PHP web shell, and obtain remote code execution on the server. The vulnerability is exploitable remotely but requires an administrator session.
Impact
Exploitation allows an attacker holding administrator credentials to write arbitrary files to the server. If the stored file is reachable through the web server and carries an extension the server hands to the PHP interpreter, requesting it executes attacker-controlled code with the privileges of the web server process, which can lead to complete compromise of the host and of any data the application holds.
Reproduction
To reproduce, log in as an administrator, open admin/change-image.php, and submit the image-change form with a file of an arbitrary type (for example a .php file) in the packageimage field. The application stores the file without checking its extension or content. Requesting the stored file through the web server then executes it.
Remediation
Validate uploads against an allowlist of expected image types and check the content itself (sniff the MIME type from the file bytes and verify that the file parses as an image) rather than trusting the client-supplied filename or Content-Type. Rename stored files to server-generated names, store them outside the web root and serve them through a script rather than a direct URL, enforce a maximum size, and write them with non-executable permissions.
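The following handler is an added example of those controls in PHP; it is not code from the Projectworlds project. It assumes the upload arrives in a multipart field named packageimage (the parameter named in this advisory), that the administrator session check has already run, and that the storage path, size limit and dimension limits are deployment choices; those values are placeholders.

```php
<?php
// Added example: a hardened image-upload handler of the kind that should sit
// behind admin/change-image.php. UPLOAD_DIR, MAX_BYTES and the dimension
// limits are assumed values, not taken from the Projectworlds source.
declare(strict_types=1);

const UPLOAD_DIR = '/var/lib/tours/package-images'; // assumed: outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;                 // assumed ceiling: 2 MiB
const ALLOWED    = [                                // sniffed MIME type => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded image and move it, under a random name, into a
 * directory the web server does not serve directly. Returns the stored
 * filename or throws RuntimeException.
 */
function storePackageImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error code ' . (int) ($file['error'] ?? -1));
    }
    if ((int) $file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Content check 1: sniff the MIME type from the bytes, never from the
    // client-supplied $file['type'] or the original filename's extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('disallowed content type: ' . (string) $mime);
    }

    // Content check 2: the file must parse as an image with plausible dimensions.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[0] < 1 || $info[1] < 1 || $info[0] > 8192 || $info[1] > 8192) {
        throw new RuntimeException('not a valid image');
    }

    // The stored extension comes from the sniffed type, so "shell.php",
    // "shell.php.jpg" and "shell.phtml" all become <random>.jpg/.png/.gif.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the web server user, never executable
    return $name;
}

// Request handling; the administrator session check is assumed to have run already.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['packageimage'])) {
    try {
        $stored = storePackageImage($_FILES['packageimage']);
        // Persist $stored against the package record. Serve it later through a
        // script that reads UPLOAD_DIR and emits the bytes with the correct
        // Content-Type, so no upload ever has a URL the server would pass to PHP.
        http_response_code(200);
        echo 'stored';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Storing outside the web root is the control that survives the others being bypassed: an extension allowlist alone is not enough on an Apache host whose PHP handler is attached with AddHandler, because mod_mime can match a .php component anywhere in a multi-extension name such as image.php.jpg, and an attacker who also controls a .htaccess upload can redefine which extensions are executed. A file the web server cannot map to a URL cannot be executed by requesting it.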
