Code-Projects Staff Audit System Unrestricted File Upload Vulnerability
Vulnerability
A critical unrestricted file upload vulnerability has been identified in Code-Projects Staff Audit System version 1.0. The flaw lies in the file 'test.php', in a function the report does not name: the 'uploadedfile' parameter is accepted without checking the file's type or content, so an attacker can upload a file of any kind, including a web shell, which may then be executed by the server. The attack can be launched remotely and does not require any special tooling.
Impact
Exploitation gives an attacker arbitrary file upload. If the uploaded file is stored in a web-accessible location and the server executes files of that type (for a PHP application, a '.php' file), the result is remote code execution in the context of the web server. Even where execution is not possible, an unrestricted upload can be used to store malicious content for other users to download or to exhaust disk space.
Reproduction
The vulnerability is reproduced by sending a multipart/form-data POST request to 'test.php' containing a file part named 'uploadedfile'. Any HTTP client will do: a Python or JavaScript script, curl, Postman, or the application's own upload form submitted from a browser with the file changed. The test is whether the application stores a file whose extension and content are not what it expects (for example, a '.php' file instead of an image); if it does, the upload is unrestricted.