SourceCodester Company Website CMS File Upload Vulnerability in Dashboard Services

A file upload vulnerability has been identified in SourceCodester Company Website CMS version 1.0. The issue arises in the 'Create Services' feature within the dashboard, where arbitrary files can be uploaded without proper validation. The vulnerability allows for the upload of potentially malicious files, such as PHP scripts, which could be executed on the server.

Impact

Exploitation of this vulnerability allows for arbitrary file upload, which could be used to upload and execute malicious scripts on the server.

Reproduction

To reproduce this vulnerability, navigate to the 'Create Services' page in the dashboard. Upload a file through the 'ufile' field in the multipart form data. The uploaded file can be a PHP script containing malicious code, such as a payload that executes commands on the server. Once the file is uploaded, it can be accessed and executed, demonstrating the successful exploitation of the vulnerability.