SourceCodester Client Database Management System File Upload Vulnerability in user_order_customer_update.php
Vulnerability
A critical file upload vulnerability has been identified in SourceCodester Client Database Management System version 1.0. The issue resides in the file user_order_customer_update.php, where the uploaded_file_cancelled parameter accepts arbitrary files, allowing unrestricted file upload. This vulnerability can be exploited remotely, without any authentication, by uploading a PHP script that could then be executed on the server.
Impact
Exploitation of this vulnerability allows for unauthorized file uploads, which could lead to the execution of malicious scripts on the server. This could result in unauthorized access to the database, leakage of sensitive information, tampering with data, complete control over the system, and disruption of services.
Reproduction
To reproduce this vulnerability, send a POST request to the user_order_customer_update.php file. Include a file in the uploaded_file_cancelled parameter, using multipart/form-data content type. The uploaded file can be a PHP script, such as one containing a phpinfo() function, which, when executed, reveals server configuration details.
Remediation
It is recommended to validate file types and sizes, rename uploaded files to prevent overwriting and path traversal attacks, and disable script execution in the upload directory.
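The remediation above, as an added example of a hardened handler for the uploaded_file_cancelled parameter in PHP (example code, not SourceCodester's own or part of the original advisory); the upload directory path, the allowed types, the size cap and the function name are assumptions:

```php
<?php
// Hardened replacement for storing the uploaded_file_cancelled file.
// Assumed: uploads are kept in $uploadDir and only PDF/PNG/JPEG are needed.
function store_cancelled_upload(array $file, string $uploadDir, int $maxBytes = 2 * 1024 * 1024): string
{
    // 1. Reject anything PHP itself flagged (no file, partial upload, php.ini size limit hit).
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . ($file['error'] ?? 'n/a'));
    }
    // 2. Enforce an application-level size cap, independent of upload_max_filesize.
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        throw new RuntimeException('File exceeds size limit');
    }
    // 3. Allow-list by extension AND by server-side content sniffing.
    //    $file['type'] is client-supplied and must never be trusted.
    $allowed = ['pdf' => 'application/pdf', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('File type not permitted');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException('File content does not match its extension');
    }
    // 4. Discard the client-supplied name: a random name removes path traversal
    //    and overwrite risk, and a .php extension can never reach disk.
    $newName = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $newName;
    // 5. move_uploaded_file() refuses sources that are not genuine HTTP uploads.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // readable, never executable
    return $newName;
}

// Usage in user_order_customer_update.php (directory name assumed):
// $stored = store_cancelled_upload($_FILES['uploaded_file_cancelled'], __DIR__ . '/uploads_cancelled');
```

The upload directory should additionally be served with script execution disabled (for Apache, an .htaccess in that directory containing `php_flag engine off` and a `<FilesMatch "\.ph(p[0-9]?|tml|ar)$">` block with `Require all denied`), so that even a file that slips past the checks is returned as data rather than run.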