Code-Projects Library System Unrestricted File Upload Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Code-Projects Library System version 1.0. The issue resides in the file '/user/student/profile.php', where the 'image' parameter can be manipulated to bypass file type and content validation. This vulnerability can be exploited remotely, enabling attackers to upload malicious PHP scripts, such as web shells, which can then be used to gain full control over the affected system.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be leveraged to execute malicious scripts on the server. This could lead to unauthorized access and control over the server, including the ability to execute system commands, access sensitive data, and potentially escalate privileges or move laterally within a network.

Reproduction

To reproduce this vulnerability, send a POST request to '/user/student/profile.php' with the 'image' parameter containing a PHP file disguised as an image. The uploaded file will be saved in a web-accessible directory, where it can be executed as a script.

Remediation

Users are advised to implement stricter file upload validations, such as whitelisting allowed file types and verifying file contents. Additionally, uploaded files should be stored in non-executable directories and monitored for suspicious activity.