Code-Projects College Management System Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Code-Projects College Management System version 1.0. The issue resides in the Admin/student.php file, where the profile_image argument can be manipulated to upload malicious files. The vulnerability can be exploited remotely, and the exploit has been publicly disclosed.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to upload malicious files such as web shells that execute code on the server.

Reproduction

To reproduce this vulnerability, send a POST request to the Admin/student.php endpoint with the profile_image field set to a file containing PHP code, such as a web shell. The uploaded file will be saved to the images directory, where it can be accessed and executed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 7.5
exploitability: 9.5
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.