Bluestar Micro Mall Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Bluestar Micro Mall version 1.0. The issue is in the request handler at '/api/api.php?mod=upload&type=1', where the 'File' argument can be manipulated to upload potentially dangerous files. The vulnerability can be exploited remotely, and details of the exploit have been made public.

Impact

Exploitation of this vulnerability could lead to arbitrary file upload, allowing attackers to upload malicious files that could be executed or processed by the application.

Reproduction

The vulnerability can be reproduced by sending a request to '/api/api.php?mod=upload&type=1' with a manipulated 'File' argument that bypasses any file type restrictions. This can be done using a variety of tools that allow for HTTP request manipulation, such as Postman or curl.
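For defenders, the request pattern described above can be hunted in web server access logs. The following is an added example, not code from the vendor or from this advisory. It flags a successful POST to the upload endpoint that is followed, from the same client, by a successful request for a script path not seen earlier in the log. The combined log format, the extension list, the ten-minute window and the sample paths are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic; paths are made up).
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Jun/2025:19:41:10 +0000] "POST /api/api.php?mod=upload&type=1 HTTP/1.1" 200 88 "-" "curl/8.5.0"
198.51.100.7 - - [09/Jun/2025:19:41:25 +0000] "GET /uploads/a1.php HTTP/1.1" 200 17 "-" "curl/8.5.0"
203.0.113.9 - - [09/Jun/2025:19:42:00 +0000] "POST /api/api.php?mod=upload&type=1 HTTP/1.1" 200 90 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jun/2025:19:42:05 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_EXT = (".php", ".phtml", ".phar")  # assumption: extensions the server executes
WINDOW = timedelta(minutes=10)            # assumption: correlation window

def parse(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    url = urlsplit(target)
    return {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": url.path, "query": parse_qs(url.query),
            "status": int(status)}

def is_upload(ev):
    """True for a POST to the upload handler named in the advisory."""
    return (ev["method"] == "POST" and ev["path"] == "/api/api.php"
            and ev["query"].get("mod") == ["upload"])

def find_suspect_uploads(log_text):
    """Return (upload_event, script_event) pairs: a successful upload followed within
    WINDOW, from the same client, by a 200 response for a first-seen script path."""
    seen_paths, last_upload, hits = set(), {}, []
    for ev in filter(None, map(parse, log_text.splitlines())):
        if is_upload(ev) and ev["status"] < 400:
            last_upload[ev["ip"]] = ev
        elif ev["path"].lower().endswith(SCRIPT_EXT) and ev["status"] == 200:
            up = last_upload.get(ev["ip"])
            if up and ev["path"] not in seen_paths and ev["time"] - up["time"] <= WINDOW:
                hits.append((up, ev))
        seen_paths.add(ev["path"])
    return hits
```

Each hit is a lead for review of the file at the requested path, not proof of compromise; a client that fetches the uploaded file from a different address will not be correlated by this check.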

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.