BiggiDroid Simple PHP CMS Unrestricted File Upload Vulnerability in Editsite.php

Vulnerability

A critical unrestricted file upload vulnerability has been identified in BiggiDroid Simple PHP CMS version 1.0. The issue resides in the admin panel's editsite.php, whose image upload handler does not validate the type of the uploaded file. An attacker who holds admin-panel credentials can therefore upload a PHP file, such as a web shell, in place of an image; because the file is stored under the web root, the server executes it when it is requested, resulting in remote code execution.

Impact

Exploitation gives the attacker arbitrary file upload, and because the uploaded file is served and executed by the web server, remote code execution: the attacker can run commands on the host with the privileges of the web server user.

Reproduction

To reproduce this vulnerability, log into the admin panel and navigate to the 'Site Logo' update section. Submit a PHP file in the logo upload field, presenting it as an image. The application accepts the upload without checking either the file's extension or its content. The stored file can then be requested through the web server; if it is a PHP web shell, it executes and can be used to run commands on the server.
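The pattern behind this bug class, and the check that closes it, as an added example. This is not the BiggiDroid editsite.php code (the advisory does not reproduce it); the form field name `logo`, the `uploads/logo` target directory, the size limit and the `never`-returning `reject()` helper are all assumptions made for illustration.

```php
<?php
// Added illustrative example, not BiggiDroid's own code.
declare(strict_types=1);

// Vulnerable pattern (illustrative of the bug class): the file is stored under
// the web root with the client-supplied name, so "shell.php" becomes /uploads/logo/shell.php
// and runs as PHP when requested. Do not use.
function vulnerable_logo_upload(): void
{
    move_uploaded_file($_FILES['logo']['tmp_name'], __DIR__ . '/uploads/logo/' . $_FILES['logo']['name']);
}

// Hardened handler: trust neither the client-supplied filename nor the
// client-supplied Content-Type; sniff the bytes, re-check with getimagesize(),
// and let the server choose both the name and the extension.
const LOGO_FIELD = 'logo';                       // assumed form field name
const LOGO_DIR   = __DIR__ . '/uploads/logo';     // assumed storage directory
const MAX_BYTES  = 512 * 1024;                    // assumed size cap

// Sniffed MIME type => extension the server will assign.
const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

function reject(string $reason): never
{
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    echo $reason;
    exit;
}

function hardened_logo_upload(): string
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        reject('POST required');
    }
    if (!isset($_FILES[LOGO_FIELD]) || $_FILES[LOGO_FIELD]['error'] !== UPLOAD_ERR_OK) {
        reject('no file uploaded');
    }
    $file = $_FILES[LOGO_FIELD];

    if ($file['size'] > MAX_BYTES) {
        reject('file too large');
    }
    // Guards against a forged $_FILES entry pointing at an arbitrary path.
    if (!is_uploaded_file($file['tmp_name'])) {
        reject('not an uploaded file');
    }

    // Content sniffing: a PHP script with a .png name is reported as text/x-php.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        reject('unsupported file type');
    }
    // Second opinion from the image decoder; rejects non-image bytes.
    if (@getimagesize($file['tmp_name']) === false) {
        reject('not a valid image');
    }

    // Server-generated name; extension derived from the sniffed type, never from $file['name'].
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = LOGO_DIR . '/' . $name;

    if (!is_dir(LOGO_DIR) && !mkdir(LOGO_DIR, 0755, true)) {
        reject('storage unavailable');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        reject('could not store file');
    }
    chmod($dest, 0644);   // never executable
    return $name;
}

$stored = hardened_logo_upload();
header('Content-Type: text/plain; charset=utf-8');
echo "logo stored as {$stored}\n";
```

Two points about the design. A polyglot file that is a valid GIF and also contains `<?php ...` will pass both `finfo` and `getimagesize()`, so the extension the server assigns is what actually keeps it from executing; for that reason the upload directory should additionally have PHP execution disabled at the web-server layer (for example `php_admin_flag engine off` in an Apache `.htaccess` or vhost, or an nginx `location` for the directory that never passes requests to PHP-FPM), and the strongest option is to re-encode the image through GD (`imagecreatefrompng()` followed by `imagepng()`) so no attacker-controlled bytes survive. Storing uploads outside the document root and serving them through a read-only script removes the problem entirely.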

Added: Jan 9, 2026, 5:29 PM
Updated: Jan 9, 2026, 7:19 PM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread             0.0
  impact            10.0
  exploitability     6.6
  remediation        0.0
  relevance          2.0
  threat             6.4
  urgency            2.9
  incentive          1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.