Projectworlds Advanced Library Management System Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability allowing unrestricted file uploads has been identified in the Projectworlds Advanced Library Management System version 1.0. The issue lies in the 'add_book.php' file, where the 'image' parameter of the book-upload form is not validated, so the upload feature can be used to place arbitrary files, including PHP scripts, on the server. This flaw is due to inadequate input validation and sanitization and is reachable by remote attackers. The vulnerability could lead to remote code execution.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to execute malicious scripts on the server, potentially leading to remote code execution. Additionally, such unrestricted uploads could cause file overwriting, file injection, directory traversal attacks, and denial-of-service conditions.

Reproduction

To reproduce this vulnerability, send a POST request to 'add_book.php' with a multipart form-data body. Include a file in the 'image' field whose name carries a PHP file extension and whose content is a PHP script, such as one that executes a system command. The request can be sent from any remote client, since the vulnerability is remotely exploitable.

Remediation

It is recommended to implement strict file type validation by whitelisting allowed extensions and verifying MIME types. Additionally, file content should be checked to confirm the actual type (for example, that the file decodes as an image) and any file that does not match, including one that carries a script, should be rejected. Filenames should be sanitized by generating random unique names and removing special characters to prevent path traversal attacks. Upload sizes should be restricted through server-side limits, and files should be stored securely, preferably outside the web root. If files must be web-accessible, restrict script execution in the upload directory.
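The following is an added example of a hardened handler for the 'image' field, written here as a defensive illustration of the remediation steps above; it is not code from the Projectworlds project. The upload directory, size limit and function name are assumptions.

```php
<?php
// Added example, not code from the Projectworlds project: a hardened handler
// for the 'image' field of add_book.php. Paths, limit and helper name are assumed.
declare(strict_types=1);

const UPLOAD_DIR = '/var/lib/library/uploads';   // assumed; outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;              // assumed 2 MiB server-side limit
// Whitelist keyed by the MIME type detected from file content, mapped to the
// extension the server will assign; the client's filename is never used.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_book_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Detect the type from the bytes, not from the client-supplied name or Content-Type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('disallowed type: ' . $mime);
    }
    // Confirm the file really decodes as an image of that type; a PHP script
    // with a forged header fails here.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('not a valid image');
    }
    // Random server-chosen name with the whitelisted extension; no path
    // components from the request can reach the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the app, never executable
    return $name;
}

// Usage inside add_book.php (constructed):
// $image = store_book_image($_FILES['image'] ?? []);
```

If the directory must be web-accessible instead, also disable script handling there (for Apache with mod_php, `php_flag engine off` in the directory configuration; for nginx, a location block with no `fastcgi_pass`).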

Added: Nov 24, 2025, 12:18 AM
Updated: Nov 24, 2025, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.