SourceCodester Client Database Management System Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in SourceCodester Client Database Management System version 1.0. The issue resides in the file '/user_update_customer_order.php', where insufficient validation of the 'uploaded_file' parameter allows attackers to upload PHP script files that the web server will then execute. According to the advisory, the endpoint can be reached remotely without authentication, so an attacker can gain control of the target server and, through the code they run on it, potentially crash it.

Impact

Exploitation of this vulnerability gives the attacker an unrestricted file upload: an uploaded web shell can be used to execute arbitrary code on the server, read or manipulate the application's database, leak sensitive data, and disrupt services, posing a significant threat to system security and business operations.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/cdm/user_update_customer_order.php' whose 'uploaded_file' part carries a PHP file named 'phpinfo.php' (conventionally containing a phpinfo() call). The request must be encoded as 'multipart/form-data', with the 'Content-Type' header carrying the matching boundary, so that the application treats it as an ordinary browser form submission. Once the upload has been accepted, requesting the stored 'phpinfo.php' over HTTP returns the phpinfo() output, which demonstrates that server-side code supplied by the attacker has been executed.

Remediation

It is recommended to validate uploads against an allowlist of permitted extensions and to check the file content (for example its magic bytes) rather than trusting the client-supplied name or Content-Type; to enforce a maximum size; to discard any path component sent by the client and store the file under a server-generated random name, which prevents both overwriting of existing files and path traversal; and to disable script execution in the upload directory or store uploads outside the web root entirely. Since the advisory notes that the endpoint is reachable without authentication, the upload handler should also require an authenticated, authorized session. Together these measures remove the ability to place an executable script where the web server will run it.
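The following is an added example written for this page, not code from SourceCodester Client Database Management System. It models the reproduction step and the remediation above in Python rather than the application's PHP so that the checks can be run stand-alone: vulnerable_save() mirrors the advisory's behaviour of storing the client-chosen filename unchanged, and hardened_save() applies the size, extension, magic-byte and rename checks. The upload directory, the 2 MB limit, the allowlist table and all sample uploads (including the 'phpinfo.php' proof of concept, a double-extension file, a traversal filename and an oversized file) are constructed assumptions.

```python
"""Hardened upload handling for the flaw described above.

Added example for this page, not code from SourceCodester Client Database
Management System. The upload directory, size limit, magic-byte table and
sample uploads are assumptions constructed for illustration.
"""
import os
import secrets
import tempfile

MAX_BYTES = 2 * 1024 * 1024  # assumed limit; set it to what the business case needs

# Allowlist keyed by extension, mapped to the magic bytes the content must
# start with. The client-supplied Content-Type is never consulted.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}

PNG_BYTES = ALLOWED["png"] + b"\x00" * 32  # constructed stand-in, not a real image

# Constructed sample uploads: (filename field of the multipart part, body).
PHPINFO_UPLOAD = ("phpinfo.php", b"<?php phpinfo(); ?>")  # the advisory's PoC file
SAMPLES = {
    "phpinfo": PHPINFO_UPLOAD,
    "png": ("avatar.png", PNG_BYTES),
    "double_ext": ("shell.php.png", b"<?php system($_GET['c']); ?>"),
    "traversal": ("../../../var/www/html/cdm/x.png", PNG_BYTES),
    "oversize": ("big.png", ALLOWED["png"] + b"\x00" * MAX_BYTES),
}


def vulnerable_save(upload_dir, filename, data):
    """Mirrors the advisory: the client-chosen name lands on disk unchanged,
    so 'phpinfo.php' is stored with a .php extension in a served directory."""
    path = os.path.join(upload_dir, filename)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def hardened_save(upload_dir, filename, data):
    """Validate size, extension and content, then store under a random name.

    Raises ValueError with the reason when the upload is rejected.
    """
    if not data or len(data) > MAX_BYTES:
        raise ValueError(f"size {len(data)} outside 1..{MAX_BYTES} bytes")

    # Discard any directory component the client sent ('../x.png', 'C:\\x.png').
    base = os.path.basename(filename.replace("\\", "/"))
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} not in allowlist")
    if not data.startswith(ALLOWED[ext]):
        raise ValueError(f"content does not match declared type {ext!r}")

    # Server-generated name: no client influence, so no overwrite or traversal.
    new_name = f"{secrets.token_hex(16)}.{ext}"
    dest = os.path.realpath(os.path.join(upload_dir, new_name))
    if os.path.dirname(dest) != os.path.realpath(upload_dir):
        raise ValueError("destination escaped the upload directory")

    with open(dest, "xb") as fh:  # 'x' refuses to overwrite an existing file
        fh.write(data)
    return dest


def try_upload(upload_dir, filename, data):
    """Run hardened_save and report (accepted, path_or_reason) instead of raising."""
    try:
        return True, hardened_save(upload_dir, filename, data)
    except ValueError as exc:
        return False, str(exc)


def run_demo():
    """Exercise both handlers in a scratch directory and return the outcomes."""
    upload_dir = tempfile.mkdtemp(prefix="cdm_uploads_")
    results = {"upload_dir": os.path.realpath(upload_dir)}
    results["vulnerable_php_path"] = vulnerable_save(upload_dir, *PHPINFO_UPLOAD)
    for label, (name, data) in SAMPLES.items():
        results[label] = try_upload(upload_dir, name, data)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the module shows the vulnerable path ending in 'phpinfo.php' while the hardened handler rejects the same upload on extension, rejects 'shell.php.png' because its body does not start with PNG magic bytes, rejects the oversized file, and accepts the two well-formed PNG uploads only under random names inside the upload directory, regardless of the traversal sequence in the client's filename. The content check is deliberately independent of the Content-Type header, which an attacker controls. The last remediation item, disabling script execution in the upload directory, belongs in the web server configuration (for instance, not routing that directory's files to the PHP interpreter at all) and is not something the upload handler can enforce on its own.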

Added: Jun 7, 2025, 6:20 PM
Updated: Jun 7, 2025, 6:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.