SourceCodester Web-Based Pharmacy Product Management System Unrestricted File Upload Vulnerability
Vulnerability
A critical unrestricted file upload vulnerability has been identified in SourceCodester Web-Based Pharmacy Product Management System version 1.0. The issue resides in the 'edit-product.php' file, where the 'Avatar' upload parameter is not adequately validated, allowing unauthorized files to be uploaded. The vulnerability can be exploited remotely and can lead to remote code execution.
Impact
Exploitation of this vulnerability allows arbitrary files to be uploaded to the server. If an uploaded script is then executed by the web server, the result is code execution in the web application's context and potentially a full server compromise.
Reproduction
To reproduce this vulnerability, send a POST request to 'edit-product.php' with a file included in the 'Avatar' field. The file can be a PHP script disguised as an image, bypassing the MIME type checks. Once uploaded, the file can be executed as a script, for example, by accessing it through the web server and appending a command to be executed.
Remediation
Administrators are advised to implement strict file validation, ensuring that only files with allowed types and extensions are accepted and that uploaded files are never executable. Additionally, uploaded files should be stored in a way that prevents direct access via the web server.
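The following hardened upload handler is an added example and is not code from the SourceCodester project. It shows the remediation above applied to the 'Avatar' field of 'edit-product.php': the file type is determined from the file's bytes rather than from the client-supplied name or Content-Type, the stored name is chosen by the server from an allowlist of image extensions, the file is written outside the document root with non-executable permissions, and a separate function serves it back as a static image. The storage path, size limit and function names are assumptions chosen for this example.

```php
<?php
// Added example (not SourceCodester's code): hardened replacement for the
// avatar upload handling in edit-product.php. Validation is done on file
// content, never on the client-supplied filename or Content-Type header.
declare(strict_types=1);

// Hypothetical storage directory outside the web root; adjust to the deployment.
const AVATAR_DIR = '/var/www/pharmacy_uploads/avatars';
const MAX_AVATAR_BYTES = 2 * 1024 * 1024; // assumed 2 MiB limit

// Allowed image types, keyed by the MIME type detected from the bytes.
// The stored extension comes from this table, not from the uploaded name.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded avatar and move it into AVATAR_DIR.
 * Returns the stored filename; throws RuntimeException on any validation
 * failure so the caller can refuse the request.
 */
function store_avatar(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file provided.');
    }
    // Reject anything that did not arrive through PHP's upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not a valid uploaded file.');
    }
    if ($file['size'] > MAX_AVATAR_BYTES) {
        throw new RuntimeException('File too large.');
    }

    // Detect the MIME type from the content (libmagic), not from
    // $file['type'], which the client supplies and can forge.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('Unsupported image type.');
    }
    // Second opinion: the file must also parse as an image of that type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File is not a well-formed image.');
    }

    // Server-chosen random name: no user-controlled path components and no
    // double extensions; the extension is taken from the allowlist only.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $dest = AVATAR_DIR . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file.');
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $name;
}

/**
 * Serve a stored avatar through PHP so the storage directory never has to be
 * reachable via the web server. Only names produced by store_avatar() match.
 */
function serve_avatar(string $name): void
{
    if (!preg_match('/\A[0-9a-f]{32}\.(png|jpg|gif)\z/', $name)) {
        http_response_code(404);
        return;
    }
    $path = AVATAR_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $ext  = pathinfo($name, PATHINFO_EXTENSION);
    $mime = array_search($ext, ALLOWED_IMAGE_TYPES, true);
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile($path);
}

// Usage in the edit-product handler (field name 'Avatar' as on the page).
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['Avatar'])) {
    try {
        $stored = store_avatar($_FILES['Avatar']);
        // ... persist $stored in the product record ...
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Two points of the design are worth noting. Validating the bytes with both libmagic and getimagesize, and then naming the file from the allowlist, means a script renamed to '.jpg' with a forged Content-Type is rejected before it touches disk, and even a polyglot that passes as an image is stored under an image extension and outside the document root, so the web server never interprets it. Serving through serve_avatar() with an explicit Content-Type and nosniff keeps the browser from treating the response as anything but an image.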
