Code-Projects Simple Photo Gallery Unrestricted File Upload Vulnerability

A critical arbitrary file upload vulnerability exists in Code-Projects Simple Photo Gallery version 1.0, specifically within the '/upload-photo.php' file. This vulnerability allows unauthenticated users to upload malicious scripts disguised as images, due to inadequate input validation. The uploaded files are stored in a publicly accessible directory, where they can be executed by the web server, potentially leading to a complete server compromise.

Impact

Exploitation of this vulnerability allows for the upload and execution of arbitrary PHP code on the server, with the potential for remote code execution, full system compromise, data leakage, unauthorized data modification, and disruption of service.

Reproduction

To reproduce this vulnerability, send a POST request to '/upload-photo.php' with the 'file_img' parameter containing a PHP script disguised as an image file. Include an 'img_title' to bypass any additional validation. Once uploaded, the malicious file can be accessed through the '/img/' directory.