SourceCodester Simple Food Ordering System Unrestricted File Upload Vulnerability
Vulnerability
A critical arbitrary file upload vulnerability has been identified in SourceCodester Simple Food Ordering System version 1.0. The issue resides in the file '/editproduct.php', where the 'photo' argument can be manipulated to allow unrestricted file uploads. This vulnerability can be exploited remotely, without any authentication.
Impact
Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to upload malicious files such as web shells. This could lead to remote code execution, allowing an attacker to execute commands on the server and potentially gain full control over the system.
Reproduction
To reproduce this vulnerability, intercept a file upload request to 'editproduct.php' using Burp Suite. Change the uploaded file's name to 'shell.php' and include a payload that, when executed, would provide command execution capabilities. After sending the request, access the uploaded file through the web server to execute the payload.
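The defect described above, as an added example in PHP that is not the project's own code: an upload handler for the 'photo' field that writes the client-supplied name into the web root, beside a hardened version. Directory paths, the size limit and an authentication check performed by the caller are assumptions.

```php
<?php
// Added example (not the project's code): a hardened handler for an upload
// field named "photo", beside the unsafe pattern behind the editproduct.php
// finding. Directory paths and the size limit are assumptions.

// UNSAFE: trusts the client-supplied filename. A request whose filename is
// "shell.php" is written as-is into the web root and becomes executable.
function save_photo_unsafe(array $file): string {
    $dest = __DIR__ . '/uploads/' . $file['name'];
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// HARDENED: allow-list the extension, sniff the real content, cap the size,
// and choose the stored name server-side. The server-chosen name plus a
// non-executable storage directory are the controls that matter most; the
// content checks only reduce the junk that gets stored.
function save_photo_safe(array $file): ?string {
    $allowed  = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png', 'gif' => 'image/gif'];
    $maxBytes = 2 * 1024 * 1024; // assumed limit

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || $file['size'] > $maxBytes
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // The client name is consulted only as an allow-list key, never stored.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }
    // Do not trust $file['type']; inspect the bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext] || @getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // Random server-chosen name; assumed directory outside the web root
    // (or one where the web server is configured not to execute scripts).
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dir  = dirname(__DIR__) . '/storage/photos';
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        return null;
    }
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        return null;
    }
    return $name; // persist this and serve it through a read-only handler
}
```

Detection on the existing system: alert on any file with a script extension appearing under the upload directory, and on web server requests for newly created files there that return a 200.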
