Sourcecodester Modern Image Gallery App Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Sourcecodester's Modern Image Gallery App version 1.0, in the gallery/upload.php component. The upload handler does not validate the actual contents of uploaded files; it relies on the client-supplied Content-Type, so an unauthenticated attacker can upload arbitrary PHP code simply by labelling the upload as an image. The application compounds this by saving the file under the user-supplied name and extension, so a file submitted as .php is stored as .php in a web-accessible location and is executed by the PHP interpreter when requested, potentially leading to complete compromise of the server.

Impact

Successful exploitation gives the attacker remote code execution on the server: the uploaded PHP script runs as a web shell with the privileges of the web server process, which can lead to unauthorized access to and control over the server's operating system.

Reproduction

To reproduce, upload a PHP file (such as a web shell) through the application's image upload feature while intercepting the request in a proxy. Change the Content-Type of the file part in the multipart body to image/jpeg to bypass the file type check. The server accepts the file, saves it with its original .php extension, and makes it reachable under the web root. Requesting the uploaded file through the web server then executes the PHP script; a command can be passed to the web shell as a URL query parameter.
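The following is an added example, not code from the Modern Image Gallery App, written in Python rather than the app's PHP so the validation logic can be run and checked in isolation. It places the check pattern the advisory describes (trust the client's Content-Type, keep the client's filename) beside a hardened check (extension allowlist, content sniffing, server-generated filename whose extension comes from the sniffed type). The accepted formats (JPEG, PNG, GIF) and all sample uploads are assumptions constructed for the example; the advisory does not list which formats the gallery allows.

```python
import os
import secrets

# Magic-byte signatures for the image formats this example accepts.
# Assumption: JPEG, PNG and GIF are used for illustration only.
SIGNATURES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}


def weak_check(filename, content_type, data):
    """The pattern the advisory describes: trust the client-supplied
    Content-Type and keep the client-supplied filename and extension.
    Returns the name the file would be saved under, or None if rejected.
    The file contents are never inspected."""
    if not content_type.lower().startswith("image/"):
        return None
    return os.path.basename(filename)


def detect_image_type(data):
    """Sniff the real format from the leading bytes; None if unrecognised."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def hardened_check(filename, content_type, data):
    """Allowlist the extension, sniff the content, ignore Content-Type
    entirely. Returns the extension the file will be stored with, derived
    from the sniffed type and never from the client, or None if rejected."""
    base = os.path.basename(filename)          # drop any path component
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:          # .php, .phtml, .phar ... all fail here
        return None
    detected = detect_image_type(data)
    if detected is None:                       # PHP text with an image extension fails here
        return None
    return detected


def storage_name(ext):
    """Server-generated filename: nothing from the request survives."""
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample uploads (not captured from the real application).
PHP_SHELL = b"<?php system($_GET['cmd']); ?>"
JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
POLYGLOT = JPEG_HEADER + PHP_SHELL   # valid JPEG magic with a PHP payload inside

if __name__ == "__main__":
    cases = [
        ("shell.php", "image/jpeg", PHP_SHELL),   # the advisory's bypass
        ("shell.jpg", "image/jpeg", PHP_SHELL),   # renamed, still PHP text
        ("shell.php", "image/jpeg", POLYGLOT),    # real JPEG bytes, .php name
        ("photo.jpeg", "image/jpeg", JPEG_HEADER),
    ]
    for name, ctype, data in cases:
        weak = weak_check(name, ctype, data)
        hard = hardened_check(name, ctype, data)
        stored = storage_name(hard) if hard else None
        print(f"{name:12} weak -> {weak!s:12} hardened -> {stored}")
```

Note the polyglot case: a file with genuine JPEG magic bytes and PHP code after it passes content sniffing, so sniffing alone is not the fix. What stops execution is that the stored name is generated server-side with an image extension, so the web server never hands the file to the PHP interpreter; storing uploads outside the web root, or in a directory where script execution is disabled, is the additional control a practitioner would add.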

Added: Jan 23, 2026, 10:22 PM
Updated: Jan 23, 2026, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.