Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
SourceCodester Open Source Clinic Management System Unrestricted File Upload Vulnerability
Vulnerability
A critical vulnerability allowing unrestricted file uploads has been identified in SourceCodester Open Source Clinic Management System version 1.0. The issue resides in the file '/manage_website.php', where the 'website_image' argument can be manipulated to upload potentially dangerous files that may be executed within the application's environment. This vulnerability could lead to remote code execution.
Impact
Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to upload malicious files that are executed on the server, potentially leading to remote code execution.
Reproduction
To reproduce this vulnerability, access the '/manage_website.php' file and upload a file through the 'website_image' argument. The application does not properly validate or sanitize the uploaded files, allowing harmful file types to be uploaded. Once a file is uploaded, it can be accessed through the application, demonstrating the successful exploitation of the vulnerability.
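The root cause described above is an upload handler that trusts the client's filename and type. As an added example (not code from SourceCodester or from this advisory), the following PHP handler shows what a hardened version of a 'website_image' upload looks like: it checks the upload came through PHP's upload mechanism, enforces a size cap, derives the type from file content and maps it through an allow-list to a fixed extension, discards the original filename in favour of a random one, and stores the file outside the web root with non-executable permissions. The field name 'website_image' comes from the advisory; the upload directory, size limit and accepted image types are assumptions.

```php
<?php
// Added example: hardened handler for a form field named 'website_image'.
// Illustrative code only, not the project's own manage_website.php. The field
// name is taken from the advisory; paths, limits and types below are assumed.

declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../uploads_private'; // assumed: outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;                  // assumed: 2 MiB cap
const ALLOWED    = [                                 // content MIME type => fixed extension
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validates one entry of $_FILES and stores it under a random name.
 * Returns the stored filename; throws RuntimeException on any failure.
 */
function store_website_image(array $file): string
{
    // 1. Accept only a single, successful upload that PHP itself received.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Invalid upload parameters.');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }

    // 2. Enforce a size limit from the file on disk, not from client-supplied headers.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }

    // 3. Decide the type from the bytes, never from the client's name or
    //    Content-Type, and map it through the allow-list to a fixed extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('Unsupported file type: ' . $mime);
    }
    // Second opinion: the content must also decode as an image of that kind.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File content is not a valid image.');
    }

    // 4. Discard the original filename entirely and generate a random one.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('Upload directory unavailable.');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file.');
    }
    chmod($dest, 0640); // readable by the app, never executable

    return $name;
}

// Request handling (assumed form field name 'website_image').
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['website_image'])) {
    try {
        $stored = store_website_image($_FILES['website_image']);
        // Persist $stored in the database. Serve it later through a read-only
        // script that streams the file from UPLOAD_DIR with the allow-listed
        // Content-Type, so the web server never executes an uploaded file.
        echo 'Stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

Keeping the upload directory outside the document root is the control that matters most: even if a validation step is bypassed, a file that the web server cannot reach as a URL cannot be executed by requesting it. Where the directory must live under the web root, the server configuration should additionally disable script execution for that path.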
