SourceCodester Hotel and Lodge Management System
cpe:2.3:a:hotel_and_lodge_management_system_project:hotel_and_lodge_management_system:*:*:*:*:*:*:*
- 1.0
A critical vulnerability allowing unrestricted file uploads has been identified in SourceCodester Hotel and Lodge Management System version 1.0. The issue resides in the Profile Page component, specifically within the file '/profile.php'. The vulnerability arises because the application fails to properly sanitize or filter uploaded files, enabling the upload of potentially dangerous file types that could be executed within the application's environment. This flaw could be exploited remotely and may lead to arbitrary file uploads, with a possibility of remote code execution.
Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to upload malicious files that are executed on the server, potentially leading to remote code execution.
To reproduce this vulnerability, log into the application and navigate to the profile update page. Upload a file through the image upload feature. The application does not properly validate the file type, allowing the upload of malicious files. After uploading, intercept the request to confirm the upload of an unauthorized file type.
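The root cause described above is an upload handler that stores whatever the client sends, under the client's file name, in a web-served directory. As an added illustration from the mitigation side (this is not code from SourceCodester, from the Hotel and Lodge Management System, or from this advisory), the following PHP shows how a profile-image upload can be validated before it is stored. The form field name `image`, the storage directory, and the size limit are assumptions made for the example.

```php
<?php
// Added example: a hardened profile-image upload handler.
// Not the code of SourceCodester Hotel and Lodge Management System; the field
// name 'image', the storage directory and the size limit are assumptions.
//
// The insecure pattern this replaces keeps the client-supplied name and writes
// into a web-served folder, so a file with a server-side script extension can
// later be requested and executed:
//   move_uploaded_file($_FILES['image']['tmp_name'], 'uploads/' . $_FILES['image']['name']);

declare(strict_types=1);

// Storage outside the document root: even a mis-typed file is never served or run directly.
const UPLOAD_DIR = __DIR__ . '/../storage/profile_images';   // assumed path
const MAX_BYTES  = 2 * 1024 * 1024;                           // assumed 2 MiB limit

// Allowlist of sniffed content types, each mapped to the extension the SERVER assigns.
// The client's file name and declared Content-Type are never used.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one uploaded profile image and store it under a server-chosen name.
 *
 * @param array $file One entry of $_FILES, e.g. $_FILES['image']
 * @return string     The stored file name (random hex plus allowlisted extension)
 * @throws RuntimeException on any validation or storage failure
 */
function storeProfileImage(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file received.');
    }
    // Guard against a path smuggled in place of a real HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }

    // Sniff the real content type from the bytes; $file['type'] is client-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Unsupported file type.');
    }

    // Second check: the header must parse as an image. This alone does not defeat
    // image/script polyglots; the server-chosen extension and the non-executable
    // storage location are what make such a file harmless.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image.');
    }

    // Random name with the allowlisted extension: no path traversal, no double
    // extensions, no script extension can reach disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . '/' . $name;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('Cannot create upload directory.');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file.');
    }
    chmod($dest, 0640); // readable by the application, never executable

    return $name;
}

// Usage inside the profile update handler (assumed request shape).
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
    try {
        $stored = storeProfileImage($_FILES['image']);
        // Persist $stored against the user record and serve it later through a
        // read-only handler that sets an image Content-Type.
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

For an existing deployment of the affected version, the same controls can be applied at the web-server level while the application is patched: deny script execution in the upload directory (for example, a handler-stripping rule in the vhost for that path) and review that directory for files whose extension or magic bytes do not match an image type.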