Code-Projects Voting System Unrestricted File Upload Vulnerability in Voters Add PHP
Vulnerability
A critical file upload vulnerability has been identified in Code-Projects Voting System version 1.0. The issue resides in the file '/admin/voters_add.php', where inadequate validation of uploaded files allows for unrestricted file uploads. This vulnerability can be exploited remotely, without the need for authentication.
Impact
Exploitation of this vulnerability allows for unrestricted file uploads, which can lead to the execution of malicious files on the server. This could result in remote code execution, unauthorized access, and a complete compromise of the system.
Reproduction
To reproduce this vulnerability, access the '/admin/voters_add.php' file upload functionality. Upload a malicious PHP file, such as a web shell, disguised with a double extension (e.g., 'shell.php.jpg'). After uploading, the file can be accessed and executed via the web server.
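A hardened upload handler for the class of flaw described above, as an added example that is not the project's own code. It requires an authenticated session, derives the file type from the content rather than the client-supplied name, and stores the file under a server-chosen name outside the web root. The form field 'photo', the session key 'admin', and the storage path are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed names, not from the project: field 'photo', session key 'admin', UPLOAD_DIR.
const UPLOAD_DIR = '/var/app-data/voter-photos'; // outside the document root
const MAX_BYTES  = 2 * 1024 * 1024;

function store_voter_photo(array $file): string
{
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Type comes from the file content; the client-supplied name and
    // Content-Type (e.g. 'shell.php.jpg') are ignored entirely.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image');
    }
    // Server-chosen random name with exactly one extension from the allow-list.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

session_start();
if (empty($_SESSION['admin'])) {          // reject unauthenticated requests
    http_response_code(403);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['photo'])) {
    try {
        $stored = store_voter_photo($_FILES['photo']);
        echo 'stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

If uploads must stay under the document root, the web server should additionally be configured so that nothing in the upload directory is passed to the PHP interpreter.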
