Campcodes Online Shopping Portal
cpe:2.3:a:campcodes:online_shopping_portal:*:*:*:*:*:*:*
- v1.0
A critical unrestricted file upload vulnerability has been identified in Campcodes Online Shopping Portal version 1.0. The issue resides in the file '/admin/edit-subcategory.php', where the application fails to properly sanitize uploaded files. This flaw allows for the upload of potentially dangerous file types that could be executed within the application's environment, leading to possible remote code execution.
An attacker who exploits this vulnerability can upload arbitrary files. If a malicious file is then executed on the server, this can lead to remote code execution.
To reproduce this vulnerability, access the '/admin/edit-subcategory.php' file. Upload a file through the 'productimage1', 'productimage2', or 'productimage3' arguments. The uploaded file can be of a type that the application does not restrict, such as a script or executable file. Once uploaded, the file can be accessed and executed, demonstrating the vulnerability.
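The sketch below shows allowlist-based handling for the three upload fields named above. It is an added mitigation example, not code from the Campcodes application. `store_product_image()`, `UPLOAD_DIR`, `MAX_BYTES` and the allowlist contents are assumed names and values.

```php
<?php
declare(strict_types=1);

// Hypothetical storage directory; the web server should not execute scripts from it.
const UPLOAD_DIR = __DIR__ . '/productimages';
const MAX_BYTES  = 2 * 1024 * 1024; // assumed size limit
// Allowlist: MIME type detected from content => extension written to disk.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_product_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }
    // Decide the type from file content, never from the client-supplied
    // filename or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // Server-generated name with an allowlisted extension; the original
    // filename is discarded, so a .php suffix can never reach the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Apply the same check to each of the three fields listed in the advisory.
$stored = [];
foreach (['productimage1', 'productimage2', 'productimage3'] as $field) {
    if (isset($_FILES[$field]) && $_FILES[$field]['error'] !== UPLOAD_ERR_NO_FILE) {
        try {
            $stored[$field] = store_product_image($_FILES[$field]);
        } catch (RuntimeException $e) {
            http_response_code(400);
            exit('Rejected ' . $field . ': ' . $e->getMessage());
        }
    }
}
```

Content checks alone do not stop an image that also carries script text, which is why the extension is forced from the allowlist and the storage directory is assumed to be non-executable.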