SourceCodester Best Church Management Software Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing arbitrary file uploads has been identified in SourceCodester Best Church Management Software version 1.0. The issue arises in the file '/admin/app/asset_crud.php', where the 'photo1' parameter can be manipulated to upload files without restriction. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows arbitrary file uploads, including server-side scripts or other malicious files that the web server could then execute.

Reproduction

To reproduce this vulnerability, send a POST request to '/admin/app/asset_crud.php' with the 'photo1' parameter. Include a file named 'echomd51.php' that contains a PHP script. The uploaded file will be executed on the server, allowing for code execution.
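The defensive counterpart to the upload flaw above, added here as an illustration and not taken from Best Church Management Software: a handler for the 'photo1' field that allow-lists the extension, checks the MIME type against the file's actual bytes, and stores the upload under a server-chosen name. MAX_BYTES, ALLOWED, storePhoto1 and the $uploadDir path are assumptions for this example.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code: a hardened handler for the
// 'photo1' field. MAX_BYTES, ALLOWED and $uploadDir are assumed policy.
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED = [            // extension => MIME type finfo must report
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// Validates and stores one entry of $_FILES (e.g. $_FILES['photo1']).
// Returns the server-chosen file name; throws on any violation.
function storePhoto1(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or missing');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Never trust the client-supplied name or type; check the extension
    // against the allow-list and the MIME type against the actual bytes.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // A PHP script renamed to .png does not decode as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }
    // Random server-side name discards any path or double-extension tricks.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $name;
}

// Usage in the upload handler (the $uploadDir path is an assumption):
// $stored = storePhoto1($_FILES['photo1'], '/var/www/uploads/photos');
```

Pair this with an upload directory that sits outside the web root or has script execution disabled in the web server configuration, so that even a file that slips past the checks is served as data rather than run as PHP.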

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM