SourceCodester Client Database Management System File Upload Vulnerability
Vulnerability
A critical file upload vulnerability has been identified in SourceCodester Client Database Management System version 1.0. The issue resides in the file '/user_delivery_update.php', where insufficient validation of the 'uploaded_file_cancelled' parameter allows for unrestricted file uploads. This vulnerability can be exploited remotely, enabling attackers to upload malicious PHP scripts that could be executed on the server.
Impact
Exploitation of this vulnerability could lead to unauthorized file uploads, allowing attackers to execute uploaded scripts on the server. This could result in unauthorized access to the database, leakage of sensitive information, tampering with data, complete control over the system, and disruption of services.
Reproduction
To reproduce this vulnerability, send a POST request to '/cdm/user_delivery_update.php' containing the 'uploaded_file_cancelled' parameter. Supply a PHP file as the payload and set the Content-Type of that part to 'image/jpeg'. Because the application does not validate the file, it is accepted and stored, and the PHP script may then be executed on the server.
Remediation
It is recommended to implement file type validation by checking both the MIME type and file extension against an allowlist of permitted types. Additionally, file size should be restricted to prevent denial-of-service attacks via large uploads. Uploaded files should be renamed to avoid using user-supplied names, and script execution should be disabled in the upload directory.
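As an added example that is not part of this advisory or of the SourceCodester code base, the following PHP handler implements the controls listed above: a content-sniffed MIME allowlist, an extension allowlist, a size cap, and a random stored name. The field name 'uploaded_file_cancelled' is taken from the advisory; the upload directory path, the size limit and the allowlist contents are assumptions chosen for illustration.

```php
<?php
// Added example (not SourceCodester code): hardened handling of a multipart
// upload field. UPLOAD_DIR, MAX_BYTES and ALLOWED are assumed values.

declare(strict_types=1);

const UPLOAD_DIR = '/var/www/cdm/uploads';   // assumed; must not be web-executable
const MAX_BYTES  = 2 * 1024 * 1024;          // 2 MiB cap against large-upload DoS

// Allowlist keyed by MIME type detected from the file bytes -> stored extension.
const ALLOWED = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

/**
 * Validate one entry of $_FILES and return the generated stored filename.
 * Throws RuntimeException on any policy violation.
 */
function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload missing or failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // $file['type'] is the client-supplied Content-Type and is attacker
    // controlled (the advisory's bypass sets it to image/jpeg); sniff the
    // bytes instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('disallowed content type');
    }
    // Also require the user-supplied extension to match the detected type,
    // so a file named x.php with an image header is still rejected.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if ($ext !== ALLOWED[$mime]) {
        throw new RuntimeException('extension does not match content');
    }
    // Discard the user-supplied name entirely and generate a random one
    // with the allowlisted extension.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // not executable, not world-readable
    return $stored;
}

if (isset($_FILES['uploaded_file_cancelled'])) {
    try {
        $name = storeUpload($_FILES['uploaded_file_cancelled']);
        echo 'stored as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        // Log the specific reason server-side; return a generic error to the client.
        error_log('upload rejected: ' . $e->getMessage());
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

Content sniffing alone is not sufficient: a file that begins with a valid JPEG header and carries PHP code later in the body is still reported as image/jpeg. The extension allowlist and the random rename ensure no stored file ever ends in .php, and the last control from the list above, disabling script execution in the upload directory, is a web-server setting rather than application code (for Apache, a FilesMatch rule for .php files with Require all denied inside the upload directory; for nginx, a location rule that never passes paths under the upload directory to PHP-FPM). Together these four controls cover the case where any single check is bypassed.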