BiggiDroid Simple PHP CMS Unrestricted File Upload Vulnerability in Site Logo Handler

Vulnerability

An unrestricted file upload vulnerability has been identified in BiggiDroid Simple PHP CMS version 1.0. The issue resides in the Site Logo Handler component, specifically in the file '/admin/edit.php'. Manipulating the 'image' argument triggers the flaw, and the attack can be carried out remotely. Uploaded files can potentially be executed on the server, leading to unauthorized actions or data breaches.

Impact

Exploitation of this vulnerability allows for arbitrary file upload, which could be used to upload malicious files such as web shells, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, log into the admin panel of BiggiDroid Simple PHP CMS 1.0. Navigate to the 'edit.php' file in the admin section. Upload a file through the 'image' argument without any restrictions on the file type or name. After uploading, the file can be accessed and executed, demonstrating the vulnerability.
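The missing restrictions on the 'image' upload described above can be illustrated from the defensive side. The following is an added example, not code from BiggiDroid Simple PHP CMS: the function name store_site_logo, the upload directory, the size limit and the allowed types are all assumptions.

```php
<?php
// Added example: hardened handling for a logo upload arriving in the 'image' field.
// Function name, directory and limits are assumptions, not the CMS's own code.

const LOGO_MAX_BYTES = 2 * 1024 * 1024;
// Allowlist: detected MIME type => extension assigned by the server.
const LOGO_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

function store_site_logo(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > LOGO_MAX_BYTES) {
        throw new RuntimeException('Invalid file size');
    }

    // Detect the type from the content; ignore the client-supplied name and type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(LOGO_TYPES[$mime])) {
        throw new RuntimeException('Only PNG, JPEG or GIF logos are accepted');
    }
    // The file must also parse as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image');
    }

    // Server-generated name: no user-controlled characters or extension reach disk.
    $name = bin2hex(random_bytes(16)) . '.' . LOGO_TYPES[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    chmod($dest, 0644);
    return $name;
}

// Usage in the admin handler (authenticated session and CSRF check assumed to run first):
// $logo = store_site_logo($_FILES['image'], __DIR__ . '/../uploads/logos');
```

Content checks alone do not stop a valid image that also carries script text, so the upload directory should additionally be configured so the web server never executes files stored in it.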

Added: Dec 30, 2025, 6:43 PM
Updated: Dec 30, 2025, 6:43 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.