SourceCodester Web-Based Pharmacy Product Management System Unrestricted File Upload Vulnerability in Create User Page

Vulnerability

A critical vulnerability allowing unrestricted file upload has been identified in SourceCodester Web-Based Pharmacy Product Management System version 1.0. The issue resides in the Create User Page, specifically within the add-admin.php file. The vulnerability is triggered by manipulating the Avatar parameter: the file type check can be bypassed, allowing the upload of potentially harmful files. This flaw can be exploited remotely, leading to unauthorized file execution on the server.

Impact

Exploitation of this vulnerability allows for unrestricted file upload, which could be used to upload malicious files that are executed on the server, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the Create User Page. Upload a file through the Avatar upload field. The file type restriction can be bypassed by changing the Content-Type of the multipart part for the Avatar field to 'image/jpg', allowing the upload of a PHP file disguised as an image. Once uploaded, the PHP file can be requested from the uploadImage directory, where the server executes it, leading to remote code execution.
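The bypass above works because the server-side check trusts a value the client supplies. The following is an added example, not code from the SourceCodester project (the page does not show add-admin.php): a hypothetical avatar handler whose "before" check relies on the client-declared MIME type, as the described bypass implies, beside a hardened version that validates the bytes on disk and never keeps the client's filename.

```php
<?php
// Added example, not code from the SourceCodester project: a hypothetical
// avatar-upload handler. The weak variant mirrors the weakness the advisory
// describes; the hardened variant decides from file contents only.

// BEFORE (weak): $_FILES['avatar']['type'] is copied from the Content-Type
// of the multipart part, which the client fully controls. Declaring
// 'image/jpg' satisfies this check regardless of what the bytes are, and
// basename() preserves whatever extension the client chose.
function save_avatar_weak(array $file, string $dir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!in_array($file['type'], ['image/jpg', 'image/jpeg', 'image/png'], true)) {
        return null;
    }
    $dest = $dir . '/' . basename($file['name']);   // keeps a client-chosen .php name
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// AFTER (hardened): sniff the real type, require a decodable image, allowlist
// the stored extension, and generate the stored name on the server.
function save_avatar_hardened(array $file, string $dir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > 2 * 1024 * 1024) {
        return null;
    }
    // Determine the MIME type from the bytes on disk; $file['type'] is ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $real  = $finfo->file($file['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
    if (!isset($allowed[$real])) {
        return null;
    }
    // The bytes must decode as an image, not merely begin with an image header.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // A valid image can still carry text in metadata, so the server-chosen
    // name and extension below, plus a non-executable upload directory,
    // are what actually prevent execution.
    $dest = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$real];
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}
```

Pair the hardened handler with a web-server rule that denies script execution inside the uploadImage directory, or store avatars outside the web root and serve them through a read-only handler.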

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM