SourceCodester Hotel and Lodge Management System Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in SourceCodester Hotel and Lodge Management System versions through 1.0. The issue resides in the file /manage_website.php, where the website_image and back_login_image parameters accept uploaded files without restricting their type, so files of potentially dangerous types can be uploaded. The vulnerability can be exploited remotely and leads to arbitrary file upload, with the possibility that an uploaded file is then executed on the server.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to upload malicious files that are executed on the server, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, upload a file through the 'website_image' or 'back_login_image' argument on the '/manage_website.php' page. The application does not properly sanitize or filter the uploaded files, allowing for arbitrary file uploads. Intercept the upload request to confirm the vulnerability.
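As an added illustration of the missing control, not code from the project, the following is a hardened replacement for the image upload handling described above. The field names website_image and back_login_image come from the advisory; UPLOAD_DIR, the size limit and the allowed image types are assumptions, and persisting the stored name is left to the application.

```php
<?php
// Added example (not the project's code): hardened handling for the two image
// upload fields in manage_website.php. Assumptions: UPLOAD_DIR exists, is writable
// by PHP, and is NOT served directly by the web server (a separate script can
// serve the files with a fixed image Content-Type).
const UPLOAD_DIR = __DIR__ . '/../uploads_private';
const MAX_BYTES  = 2 * 1024 * 1024;
// Only real images are accepted; the extension is chosen by the server, never by the client.
const ALLOWED = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

function save_image_upload(string $field): ?string
{
    if (!isset($_FILES[$field]) || $_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp = $_FILES[$field]['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        return null;
    }
    // Decide the type from the file content, not from the client-supplied
    // filename or Content-Type, both of which an attacker controls.
    $info = getimagesize($tmp);
    if ($info === false || !isset(ALLOWED[$info['mime']])) {
        return null;
    }
    // Re-encode the image so the stored file contains pixel data only; anything
    // appended after a valid image header (a "polyglot") is discarded.
    $img = imagecreatefromstring(file_get_contents($tmp));
    if ($img === false) {
        return null;
    }
    $ext  = ALLOWED[$info['mime']];
    $name = bin2hex(random_bytes(16)) . '.' . $ext; // unpredictable, server-chosen name
    $dest = UPLOAD_DIR . '/' . $name;
    switch ($ext) {
        case 'png': $ok = imagepng($img, $dest);  break;
        case 'jpg': $ok = imagejpeg($img, $dest); break;
        default:    $ok = imagegif($img, $dest);  break;
    }
    imagedestroy($img);
    return $ok ? $name : null;
}

foreach (['website_image', 'back_login_image'] as $field) {
    $stored = save_image_upload($field);
    if ($stored === null) {
        error_log("rejected upload for field $field"); // surfaces tampering attempts in logs
        continue;
    }
    // Assumption: the application stores $stored in its settings table here.
}
```

Storing uploads outside the document root and serving them through a script that sets the Content-Type removes the execution path even if a validation check is later bypassed.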

Added: Oct 8, 2025, 10:18 AM
Updated: Oct 8, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 10.0
exploitability: 6.2
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.