SourceCodester Client Database Management System Arbitrary File Upload Vulnerability Allowing Remote Code Execution
Vulnerability
An arbitrary file upload vulnerability has been identified in user_payment_update.php of SourceCodester Client Database Management System version 1.0. This vulnerability allows unauthenticated users to upload arbitrary files through the uploaded_file_cancelled field. The lack of proper file extension checks, MIME type validation, and authentication enables attackers to upload executable PHP files to a web-accessible directory (/files/). Once uploaded, these files can be executed as scripts, leading to remote code execution on the server.
Impact
Exploitation of this vulnerability allows for remote code execution on the server, with the executed code running in the context of the web server user.
Reproduction
To reproduce this vulnerability, upload a file through the uploaded_file_cancelled field in the user_payment_update.php script. Bypass any client-side restrictions by manipulating the file's MIME type or extension to evade server-side validation. Once the file is uploaded, access it via the web server to execute the PHP script, which can be used to run arbitrary commands on the server.
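For comparison, the handler below is an added, hardened version of the upload path described above; it is not code from the SourceCodester project. It adds the three controls the advisory says are missing (authentication, a server-side extension allowlist, and content-based MIME validation) and stores uploads under a server-generated name outside the web root. The constants UPLOAD_DIR and ALLOWED and the function is_authenticated_user() are assumptions for this example.

```php
<?php
// Hardened handler for the uploaded_file_cancelled field (added example).
// Assumed: UPLOAD_DIR, ALLOWED, is_authenticated_user() are not from the project.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/private_uploads/';   // assumed: outside the web root
const ALLOWED = ['pdf' => 'application/pdf', 'png' => 'image/png', 'jpg' => 'image/jpeg'];

function is_authenticated_user(): bool {
    // Assumed session check; the vulnerable script performed none.
    return isset($_SESSION['user_id']);
}

function store_upload(string $field): ?string {
    if (!is_authenticated_user()) { http_response_code(401); return null; }
    if (!isset($_FILES[$field]) || $_FILES[$field]['error'] !== UPLOAD_ERR_OK) return null;
    $tmp = $_FILES[$field]['tmp_name'];
    if (!is_uploaded_file($tmp)) return null;

    // Server-side extension allowlist (the client-supplied name is only used for this)
    $ext = strtolower(pathinfo($_FILES[$field]['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) return null;

    // MIME type derived from the file contents, not from $_FILES[...]['type']
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmp) !== ALLOWED[$ext]) return null;

    // Random server-generated name: no user-controlled path components
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . $name;
    if (!move_uploaded_file($tmp, $dest)) return null;
    chmod($dest, 0640);   // not executable, readable by the web server only
    return $name;
}

session_start();
$stored = store_upload('uploaded_file_cancelled');
if ($stored === null) { http_response_code(400); exit('Upload rejected'); }
echo 'Stored as ' . htmlspecialchars($stored);
```

Files stored this way should be served through a download script that sets Content-Disposition: attachment, and if uploads must stay under a web-accessible directory such as /files/, script execution should additionally be disabled for that directory in the web server configuration.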