Code-Projects Library System Unrestricted File Upload Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Code-Projects Library System version 1.0. The issue resides in the profile.php file, where the image parameter can be manipulated to bypass file type and content validation. This vulnerability can be exploited remotely, enabling attackers to upload malicious PHP scripts, such as web shells, which can then be used to gain full control over the affected system.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to execute malicious scripts on the server. This could lead to unauthorized access and control over the server, including the ability to execute system commands, access sensitive data, and potentially escalate privileges or move laterally within a network.

Reproduction

To reproduce this vulnerability, send a POST request to the profile.php file with the image parameter containing a PHP file disguised as an image. The uploaded file will be stored in a web-accessible directory, where it can be executed as a script.

Remediation

It is recommended to implement strict file upload validations, such as whitelisting allowed file types and verifying file contents. Additionally, uploaded files should be stored in non-executable directories and monitored for suspicious activity.