Code-Projects Car Rental System Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Code-Projects Car Rental System version 1.0. The issue resides in the '/admin/add_cars.php' file, where the 'image' parameter can be manipulated to bypass file type and content validations. This flaw enables remote attackers to upload malicious PHP scripts, such as web shells, which can then be executed to gain control over the server.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to execute malicious scripts on the server. This could lead to unauthorized access and control over the server, including the ability to execute system commands, access sensitive data, and potentially escalate privileges or move laterally within a network.

Reproduction

To reproduce this vulnerability, send a POST request to '/admin/add_cars.php' with the 'image' parameter containing a PHP file disguised as an image. The uploaded file will be stored in a web-accessible directory, where it can be executed as a script.

Remediation

Users are advised to implement stricter file upload validations, such as whitelisting allowed file types and verifying file contents. Additionally, uploaded files should be stored in non-executable directories and monitored for suspicious activity.
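The following is an added example of the validation the remediation describes, written as a replacement for the image-handling step of an admin upload form. It is not code from the Car Rental System project; the upload directory, the size limit, the allowed-type list and the function name store_car_image are assumptions, and it requires PHP 8 with the fileinfo and GD extensions.

```php
<?php
// Hardened image upload handler (added example, not the project's own code).
// Layers: allow-listed extension, libmagic content check, decode + re-encode
// through GD, server-chosen random filename, non-executable storage directory.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../uploads/cars';   // assumed path; must not execute scripts
const MAX_BYTES  = 2 * 1024 * 1024;                // assumed 2 MiB policy limit

// Allowed extension -> MIME type that libmagic must detect from the file bytes.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one entry of $_FILES and store it under a random name.
 * Returns the stored filename; throws RuntimeException with the rejection reason.
 */
function store_car_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a file uploaded via HTTP POST');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 1. Extension allow-list on the client-supplied name (necessary, not sufficient:
    //    "shell.php.jpg" passes this step and is caught by the content checks below).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Content sniffing with libmagic. $file['type'] is the browser's claim and is ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("detected type $mime does not match extension");
    }

    // 3. Decode and re-encode with GD. Only pixel data survives, so comment fields,
    //    trailing bytes or embedded PHP in a polyglot image are discarded.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // 4. Server-chosen name: the original filename never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;

    $ok = match (ALLOWED[$ext]) {
        'image/jpeg' => imagejpeg($img, $dest, 90),
        'image/png'  => imagepng($img, $dest),
        'image/gif'  => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    chmod($dest, 0644);   // readable, never executable
    return $name;
}

// Usage inside the admin form handler, after the admin session check:
// try {
//     $stored = store_car_image($_FILES['image']);
// } catch (RuntimeException $e) {
//     http_response_code(400);
//     exit('Upload rejected: ' . $e->getMessage());
// }
```

The re-encode step is what makes the content check meaningful: libmagic and getimagesize() only look at headers, so a file that is simultaneously a valid GIF and PHP source passes them. As an independent layer, the web server should refuse to execute anything under the upload directory (for Apache, `php_flag engine off` in that directory's configuration; for nginx, a location block that returns 403 for `.php` paths below /uploads). For the monitoring the page recommends, a periodic job that greps the upload tree for files beginning with `<?php` gives a cheap detection of a bypass.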

Added: Jun 25, 2025, 11:22 PM
Updated: Jun 25, 2025, 11:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.