code-projects/Fabian Ros Library Management System
cpe:2.3:a:fabianros:library_management_system:*:*:*:*:*:*:*
- 2.0
This vulnerability is being actively exploited in the wild.
A critical vulnerability allowing unrestricted file uploads has been identified in Code-Projects Fabian Ros Library Management System version 2.0. The issue arises in the file admin/profile_update.php, where the photo parameter is not properly sanitized, enabling arbitrary file uploads. This vulnerability can be exploited remotely.
Successful exploitation lets an attacker upload arbitrary files, including malicious files that could be executed on the server or used to compromise the application.
To reproduce this vulnerability, send a request to the admin/profile_update.php file with an unsanitized photo parameter. This can be done by manipulating the upload request to include a file that exploits the unrestricted upload capability.
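As a mitigation sketch for the missing validation described above, the following added example (not code from Library Management System or from this advisory) shows an upload handler that validates a `photo` file field before storing it. The function name, the size limit, the allowed image types and the upload directory are assumptions, as is the premise that `photo` arrives as a multipart file field.

```php
<?php
// Added example, not the project's code. Function name, size limit and
// upload directory are assumptions chosen for illustration.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_PHOTO_BYTES = 2 * 1024 * 1024; // assumed 2 MiB limit

function store_profile_photo(array $file, string $destDir): string
{
    // Reject failed uploads and array-style (multi-file) submissions.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_PHOTO_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    // The temp file must come from PHP's own upload handling.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Decide the type from the file content, never from the client-supplied
    // name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File type not allowed');
    }
    // Server-generated name with an allowlisted extension; the original
    // file name is discarded, so it cannot carry ".php" or path segments.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name; // store this value in the profile record
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['photo'])) {
    try {
        $stored = store_profile_photo($_FILES['photo'], __DIR__ . '/../uploads/photos');
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Invalid photo upload');
    }
}
```

Content checks alone do not stop a valid image that also contains script text, so the upload directory should additionally be configured so the web server never executes scripts from it, or be placed outside the web root.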