Campcodes Sales and Inventory System Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Campcodes Sales and Inventory System version 1.0. The issue resides in '/pages/product_update.php', where insufficient validation of the 'image' parameter permits attackers to upload malicious PHP scripts. The vulnerability can be exploited remotely without authentication and may lead to unauthorized control of the server or cause it to crash.

Impact

Exploitation of this vulnerability allows unauthorized file uploads that can be used to execute attacker-supplied scripts on the server, leading to unauthorized access to and control over the server environment.

Reproduction

To reproduce this vulnerability, send a POST request to '/pages/product_update.php' with a file named 'shell1.php' in the 'image' parameter. The uploaded file should contain a PHP payload, such as a PHP info script. Once uploaded, the file can be accessed from the '/dist/uploads/' directory, where the uploaded PHP script can be executed.

Remediation

It is recommended to implement file type validation, checking both MIME types and file extensions against an allowlist of permitted types. Additionally, file size should be restricted to prevent denial-of-service attacks through large uploads. Uploaded files should be renamed to avoid using user-supplied names, and script execution should be disabled in the upload directory.
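The remediation measures above as an added PHP example; this is not code from the Campcodes project, and the upload directory, size limit and allowed image types are assumptions:

```php
<?php
// Hardened handler for the 'image' upload field (added example, not Campcodes' code).
// Assumes UPLOAD_DIR is writable by the web server and has script execution disabled.
declare(strict_types=1);

const UPLOAD_DIR    = __DIR__ . '/../dist/uploads';   // assumed path, from the advisory
const MAX_BYTES     = 2 * 1024 * 1024;                // 2 MiB cap (assumed policy)
const ALLOWED_TYPES = [                               // sniffed MIME type => extension written
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const ALLOWED_EXTS  = ['jpg', 'jpeg', 'png', 'gif'];  // allowlist for the client-supplied name

/**
 * Validate one entry of $_FILES and store it under a server-generated name.
 * Returns the stored file name; throws on any validation failure.
 */
function storeProductImage(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Extension allowlist on the original name (defense in depth; the name is never reused).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTS, true)) {
        throw new RuntimeException('extension not allowed');
    }
    // Never trust $file['type'] (client-supplied); determine the MIME type from the bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('unsupported file type: ' . $mime);
    }
    // The file must also decode as an image, not merely carry image magic bytes.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-chosen random name; extension derived from the sniffed type, not the request.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);   // readable, never executable
    return $name;
}

// In product_update.php: $stored = storeProductImage($_FILES['image']);
```

On Apache, script execution in the upload directory can additionally be disabled with a `.htaccess` containing `php_flag engine off` (or an equivalent `FilesMatch` deny rule), so that even a file that slips past validation is served as static content.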

Added: Jul 13, 2025, 7:17 PM
Updated: Jul 13, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.