SourceCodester Online Student Clearance System Unrestricted File Upload Vulnerability

A critical unrestricted file upload vulnerability has been identified in SourceCodester Online Student Clearance System version 1.0. The issue arises in the file '/edit-photo.php', where the 'userImage' argument is manipulated to upload files without proper validation. This vulnerability can be exploited remotely, allowing attackers to upload malicious files that could be executed on the server.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to remote code execution on the server.

Reproduction

To reproduce this vulnerability, send a POST request to '/student_clearance/edit-photo.php' with a file named 'kru.php' disguised as an image (JPEG format). The uploaded file will be saved in the 'uploads' directory, and the file path will be linked to the corresponding student record in the database without any file type verification.