Iqbolshoh php-business-website Unrestricted File Upload Vulnerability
Vulnerability
An unrestricted file upload vulnerability has been identified in Iqbolshoh php-business-website in versions up to commit 10677743a8dfc281f85291a27cf63a0bce043c24. The issue resides in the file /admin/about.php, whose upload handling accepts files without validating their extension, MIME type, or content. The vulnerability can be exploited remotely, and a public exploit is available.
Impact
An attacker who can submit the upload form on /admin/about.php can place an arbitrary file, including a PHP script, into a web-served directory. If the web server executes scripts from that directory, the attacker obtains remote code execution in the context of the web server user, which can lead to full compromise of the host. The endpoint lives under /admin/, so reaching it is subject to whatever access control that area enforces; the advisory does not state whether authentication is required.
Reproduction
The vulnerability can be reproduced by submitting a file through the upload form on the /admin/about.php page. Because the application checks neither the file extension, nor the MIME type, nor the file content, a PHP script can be uploaded (for example under an image-like filename or with a forged image header) and is stored in the web-served assets/img directory. If that directory permits script execution, requesting the uploaded file runs the script on the server, leading to a server compromise.
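The following is an added illustrative example and not code from php-business-website. It places the unsafe pattern the advisory describes (client-supplied name used verbatim, no checks) next to a hardened handler that decides the type from the bytes, requires the file to decode as an image, re-encodes it, and picks the stored name and extension itself. The constants UPLOAD_DIR and MAX_BYTES, the function names, and the form field name "image" are assumptions.

```php
<?php
// Added example, not the project's code. UPLOAD_DIR, MAX_BYTES and the
// function names are assumptions; the handler reads a multipart field "image".

const UPLOAD_DIR = __DIR__ . '/../assets/img';   // assumed web-served path
const MAX_BYTES  = 2 * 1024 * 1024;

/**
 * The pattern the advisory describes: the client-chosen filename is used
 * as-is and nothing about the file is inspected, so "shell.php" ends up in a
 * web-served directory and runs if PHP execution is enabled there.
 */
function save_upload_unsafe(array $file): string
{
    $dest = UPLOAD_DIR . '/' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}

/**
 * Hardened handler: the MIME type is sniffed from content, the file must
 * decode as an image, it is re-encoded (dropping appended or embedded
 * payloads), and the stored name and extension are chosen by the server.
 */
function save_upload_safe(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // $file['type'] and $file['name'] are attacker-controlled; sniff the bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('unsupported type: ' . $mime);
    }

    // A forged header is not enough: the whole file must decode as an image.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // Server-generated name; the extension follows the sniffed type.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    switch ($mime) {
        case 'image/jpeg': $ok = imagejpeg($img, $dest, 85); break;
        case 'image/png':  $ok = imagepng($img, $dest);      break;
        default:           $ok = imagegif($img, $dest);      break; // animation is lost
    }
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('write failed');
    }
    return $dest;
}

if (isset($_FILES['image'])) {
    try {
        $path = save_upload_safe($_FILES['image']);
        echo 'stored as ' . basename($path);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage();
    }
}
```

As defence in depth, script execution should also be disabled in the upload directory regardless of validation: on Apache with mod_php a `.htaccess` containing `php_flag engine off` in assets/img, or on nginx a `location ~* ^/assets/img/.*\.php$ { return 403; }` block placed before the PHP handler location. Storing uploads outside the web root and serving them through a handler that sets the Content-Type itself removes the problem entirely.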
