Campcodes School File Management System Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Campcodes School File Management System version 1.0. The issue arises in the file '/save_file.php', where the application fails to properly sanitize or filter uploaded files. This flaw enables the upload of potentially dangerous file types that could be executed within the application's environment, leading to a risk of remote code execution.

Impact

An attacker who exploits this vulnerability can upload malicious files that may then be executed on the server, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, upload a file through the 'save_file.php' endpoint. The application does not validate or restrict the type of file being uploaded, allowing harmful files to be uploaded successfully. After uploading, the file can be accessed through the application's file management system, demonstrating the successful exploitation of the vulnerability.
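The validation that the upload handler lacks, sketched as an added example (this is not the application's own code): the handler allow-lists extensions, checks the content type detected from the file's bytes, and stores the file under a server-generated name. The form field name 'file', the storage directory and the allowed types are assumptions.

```php
<?php
// Added example, not code from save_file.php. The field name 'file',
// UPLOAD_DIR and the ALLOWED list are assumptions for illustration.

const UPLOAD_DIR = '/var/app-data/uploads';  // assumed: outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;
const ALLOWED    = [                          // extension => expected MIME type
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

function store_upload(array $file): string
{
    // Reject failed uploads and paths that PHP did not create for this request.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size not allowed');
    }
    // The name is client-controlled: use it only to look up the allow-list.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // Detect the type from the file's bytes, not from the request headers.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: no client-chosen path, name or double extension.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0640);  // readable, never executable
    return $stored;        // keep the original name only as database metadata
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        echo 'stored as ' . store_upload($_FILES['file']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage();
    }
}
```

Because the files are stored outside the web root, downloads have to go through a script that reads the file and sends it with a fixed Content-Type, so the web server never interprets an uploaded file as code.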

Added: Jan 1, 2026, 2:18 PM
Updated: Jan 1, 2026, 2:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.