Code-Projects Computer Laboratory System Unrestricted File Upload Vulnerability in technical_staff_pic.php
Vulnerability
A vulnerability allowing unrestricted file uploads has been identified in Code-Projects Computer Laboratory System version 1.0. The issue resides in the file technical_staff_pic.php, where the application fails to validate uploaded image files before moving them to the uploads directory. This lack of validation allows attackers to upload arbitrary files, including malicious PHP scripts, which could be executed on the server if the uploads directory is web-accessible. The vulnerability can be exploited remotely and requires authentication.
Impact
Exploitation of this vulnerability allows for remote code execution on the server. An attacker could upload a malicious PHP web shell, execute system commands, and potentially compromise the entire server. This includes reading sensitive files, modifying or deleting data, uploading tools for privilege escalation, and establishing persistent backdoors. Additionally, the vulnerability could be exploited to deface the website, take over accounts by injecting payloads into profile images, or cause denial-of-service conditions by overwriting critical files.
Reproduction
To reproduce this vulnerability, authenticate to the application and navigate to the profile image upload feature. Upload an image file; the application performs no security checks on file type or content. The application will move the file to the uploads directory, where it can be accessed and executed if the server allows it.
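The validation the description says is missing before the file is moved to the uploads directory could look like the following. This is an added example, not code from Code-Projects Computer Laboratory System; the form field name `image`, the storage path, the size limit and the function name `store_profile_image` are assumptions.

```php
<?php
// Added example: validate an uploaded profile image before storing it.
// Assumptions: field name 'image', UPLOAD_DIR, MAX_BYTES and the function name are hypothetical.

const UPLOAD_DIR = '/var/app-data/staff_pics';   // assumed: directory outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;              // assumed limit: 2 MiB
const ALLOWED    = [                             // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_profile_image(array $file): string
{
    // Reject failed uploads and array-valued (multi-file) error fields.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    // Only accept a file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Detect the type from content; $file['type'] and $file['name'] are client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // The file must also parse as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }
    // Server-generated name with an allowlisted extension; the client name is never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Usage inside the upload handler:
// $stored = store_profile_image($_FILES['image']);
```

Content checks alone do not stop a file that is both a valid image and contains PHP code, so the server-assigned extension and a storage location where the web server does not execute scripts are what prevent execution.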
