SourceCodester Web-Based Pharmacy Product Management System Unrestricted File Upload Vulnerability
Vulnerability
A critical unrestricted file upload vulnerability has been identified in SourceCodester Web-Based Pharmacy Product Management System version 1.0. The flaw is in the add-product.php file, where the Avatar parameter can be manipulated to bypass the file type restrictions. The vulnerability can be exploited remotely and may lead to remote code execution, cross-site scripting, and full system compromise.
Impact
Exploitation of this vulnerability allows for remote code execution on the server, cross-site scripting attacks, and could result in a complete compromise of the affected system.
Reproduction
To reproduce this vulnerability, upload a file through the 'add-product.php' page. The file upload process can be manipulated by changing the 'Content-Type' header to spoof the MIME type, bypassing the application's file type validation. Once a file is uploaded, it can be accessed via the 'uploadImage' directory.
Remediation
Users are advised to upgrade to version 1.1 or later. If an immediate upgrade is not possible, temporarily disable the file upload functionality and inspect the 'uploadImage' directory for suspicious files.
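A defender-side check for the interim remediation above (inspecting the 'uploadImage' directory for suspicious files), written as an added example that is not the advisory's or the project's own code: it flags files whose leading bytes do not match their image extension or that contain a PHP open tag, because the client-supplied Content-Type that the bypass spoofs says nothing about the bytes actually on disk. The directory layout and the sample files are constructed for the demonstration.

```python
import os
import tempfile

# Added example, not from the advisory or the SourceCodester project: flag files in an
# upload directory whose bytes do not match their image extension or that carry a PHP
# open tag, so a spoofed Content-Type alone cannot hide them. Samples are constructed.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_MARKERS = (b"<?php", b"<?=")

def classify(name, data):
    """Return findings for one file; an empty list means it looks like a plain image."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    if ext not in IMAGE_SIGNATURES:
        findings.append(f"extension '{ext}' is not an allowed image type")
    elif not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        findings.append(f"content does not start with {ext} magic bytes")
    if any(marker in data for marker in PHP_MARKERS):
        findings.append("contains a PHP open tag")  # also catches image/PHP polyglots
    return findings

def scan_directory(path):
    """Walk the directory; return {relative filename: findings} for flagged files only."""
    flagged = {}
    for root, _dirs, files in os.walk(path):
        for fname in files:
            full = os.path.join(root, fname)
            with open(full, "rb") as fh:
                findings = classify(fname, fh.read(1024 * 1024))  # first MiB is enough
            if findings:
                flagged[os.path.relpath(full, path)] = findings
    return flagged

def demo():
    """Write a constructed uploadImage-style directory to a temp dir and scan it."""
    samples = {
        "product1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,         # genuine PNG header
        "notes.php": b"<?php /* constructed sample */ ?>",            # disallowed extension
        "fake.jpg": b"<?php /* constructed sample */ ?>",             # image name, no JPEG header
        "poly.png": b"\x89PNG\r\n\x1a\n<?php /* constructed */ ?>",   # valid header, PHP inside
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_directory(tmp)
```

Point `scan_directory` at the real upload directory to list only the files that need a closer look; the polyglot case shows why a magic-byte check alone is not a sufficient server-side validation.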
