phpgurukul Online Shopping Portal Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in phpGurukul Online Shopping Portal version 2.0. The issue lies in the admin-side 'insert-product.php' file, where the extension of an uploaded file is not validated. As a result, an admin user can upload malicious files, such as PHP scripts, which may then be executed by the server, leading to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file upload, with the potential for remote code execution on the server.

Reproduction

To reproduce this vulnerability, log in as an admin user and navigate to the 'Insert Product' section. Fill out the required product information and upload a malicious PHP file disguised as an image. After the product is created, access the uploaded file through the product's image directory, appending a command parameter to execute commands on the server.

Remediation

To address this vulnerability, implement an extension whitelist to only allow safe file types, such as JPG, PNG, or PDF. Additionally, verify the actual content of uploaded files using MIME type and magic bytes, rather than relying on file extensions, which can be easily spoofed.
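The two checks recommended above, combined into one upload validator, as an added example that is not phpGurukul's code: function and constant names are assumptions, and the sample files are constructed inline so the script runs offline.

```php
<?php
// Added example (not phpGurukul's code): hardened upload check for insert-product.php.
// Function and constant names are assumptions; the allowlist follows the remediation above.

// Permitted extension -> MIME type that finfo must report for the file content.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'pdf'  => 'application/pdf',
];
// Magic bytes expected at offset 0 for each permitted MIME type.
const MAGIC_BYTES = [
    'image/jpeg'      => "\xFF\xD8\xFF",
    'image/png'       => "\x89PNG\r\n\x1A\n",
    'application/pdf' => "%PDF-",
];

// Returns a server-chosen filename to store the upload under, or null if rejected.
function validate_product_image(string $tmpPath, string $clientName): ?string
{
    // 1. Extension allowlist; the client-supplied name is not otherwise trusted or reused.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null;
    }
    $mime = ALLOWED_TYPES[$ext];

    // 2. Content-based MIME detection; the browser's Content-Type header is ignored.
    if ((new finfo(FILEINFO_MIME_TYPE))->file($tmpPath) !== $mime) {
        return null;
    }

    // 3. Magic bytes must match the declared type.
    $head = file_get_contents($tmpPath, false, null, 0, strlen(MAGIC_BYTES[$mime]));
    if ($head !== MAGIC_BYTES[$mime]) {
        return null;
    }

    // 4. Store under a random name with the allowlisted extension, never the client name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo: a minimal PNG header passes; a PHP script renamed to .png is rejected.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1A\n\0\0\0\x0DIHDR" . str_repeat("\0", 17));
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'not an image';");
var_dump(validate_product_image($png, 'photo.PNG'), validate_product_image($php, 'shell.png'));
```

The returned name is what `move_uploaded_file()` should use as the destination; the original client filename never reaches the filesystem.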

Added: Sep 3, 2025, 4:02 PM
Updated: Sep 3, 2025, 6:28 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.