Code-Projects Simple Forum Unrestricted File Upload Vulnerability
Vulnerability
A critical arbitrary file upload vulnerability has been identified in Code-Projects Simple Forum version 1.0. The issue resides in the '/forum1.php' file, where the application fails to properly validate uploaded files. This lack of validation allows unauthenticated users to upload malicious PHP scripts disguised as images. Once uploaded, these scripts can be executed via a web browser, potentially leading to a complete server compromise.
Impact
Exploitation of this vulnerability allows for arbitrary PHP code execution on the server, with the potential for remote code execution, full system compromise, data leakage, unauthorized data modification, and disruption of service.
Reproduction
To reproduce this vulnerability, authenticate to the application to obtain a valid PHP session ID. Then, send a POST request to '/forum1.php' with the 'file' parameter containing a PHP script payload, disguised as an image. After uploading, the malicious file can be accessed and executed from the web root directory.
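A hardened handler for the `file` upload field, shown as an added example that is not code from Simple Forum or from this advisory. The storage path, size limit, image-only policy and function name are assumptions, and it requires PHP 8 with the fileinfo and GD extensions.

```php
<?php
declare(strict_types=1);
// Assumptions (not from the advisory): storage path, size limit, image-only policy.
const UPLOAD_DIR = '/var/app-data/forum-uploads'; // hypothetical; outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_image_upload(array $f): string
{
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($f['tmp_name']) || filesize($f['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('not an upload or too large');
    }
    // Decide the type from the bytes, never from the client-supplied name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('type not allowed');
    }
    // A file can pass the type check and still embed PHP after the image data;
    // decoding and re-encoding through GD keeps only the pixels.
    $data = file_get_contents($f['tmp_name']);
    $img  = $data === false ? false : @imagecreatefromstring($data);
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }
    imagesavealpha($img, true); // keep PNG transparency
    // Server-chosen name and extension; the original filename is discarded.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    $ok = match ($ext) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    chmod($dest, 0640);
    return basename($dest);
}

if (isset($_FILES['file'])) {
    try {
        $stored = store_image_upload($_FILES['file']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Upload rejected');
    }
}
```

Because the stored files live outside the web root, they have to be served by a script that reads them back with a fixed image Content-Type, so nothing in the upload directory is ever passed to the PHP interpreter.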
