ajayrandhawa User-Management-PHP-MYSQL Unrestricted File Upload Vulnerability

A file upload vulnerability has been identified in ajayrandhawa User-Management-PHP-MYSQL versions prior to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability exists in the User Management Interface, specifically within the file /admin/edit-user.php. The issue arises from inadequate validation of the 'image' argument, allowing for unrestricted file uploads. While the front-end JavaScript validation only permits JPG/JPEG files, the server-side lacks proper checks, enabling the upload of potentially dangerous files that could be executed within the application's environment. This vulnerability can be exploited remotely and is accompanied by a publicly available proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to the uploading of malicious files that are processed by the application, potentially causing harm to the application's integrity and availability.

Reproduction

To reproduce this vulnerability, download the ajayrandhawa User-Management-PHP-MYSQL project and set it up on a local server. After logging in with an administrator account, navigate to the user management interface. The front-end will only allow the upload of JPG or JPEG files, but the server will not properly validate the file type or content. This oversight can be exploited to upload harmful files.