Campcodes Online Movie Theater Seat Reservation System Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Campcodes Online Movie Theater Seat Reservation System version 1.0. The issue resides in the save_movie function of the admin_class.php file. The function does not properly verify the type of an uploaded file, so a remote attacker can upload potentially malicious files that are then executed on the server. Exploitation does not require authentication.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to the execution of uploaded files on the server, potentially compromising the entire web application or server.

Reproduction

To reproduce this vulnerability, send a POST request to the admin/ajax.php endpoint with the action parameter set to 'save_movie' and include a file in the cover parameter. The file type is not properly validated, and the uploaded file is saved in the assets/img/ directory, where it can be accessed and executed remotely.
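
A detection check for the request sequence described above, as an added example that is not part of the original advisory or the Campcodes code: it scans web server access logs for a save_movie call followed by a request from the same client for a non-image file under assets/img/. The combined log format, the action parameter appearing in the query string, the image extension allowlist and the sample log lines are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "webp"}  # assumed allowlist for covers

def classify(line):
    """Return (client_ip, kind, path) for a line of interest, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = unquote(url.path).lower()
    # Assumption: the action parameter is visible in the query string.
    action = parse_qs(url.query).get("action", [""])[0]
    if m["method"] == "POST" and path.endswith("/admin/ajax.php") and action == "save_movie":
        return m["ip"], "upload-call", path
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    # A 200 for a non-image under the upload directory means the server served
    # (or executed) something that is not a cover image.
    if "/assets/img/" in path and name and ext not in IMAGE_EXTS and m["status"] == "200":
        return m["ip"], "non-image-served", path
    return None

def correlate(lines):
    """Clients that called save_movie and later fetched a non-image upload."""
    uploaders, hits = set(), []
    for line in lines:
        found = classify(line)
        if found is None:
            continue
        ip, kind, path = found
        if kind == "upload-call":
            uploaders.add(ip)
        elif ip in uploaders:
            hits.append((ip, path))
    return hits

# Constructed sample lines (documentation IP ranges, invented file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Jul/2025:23:10:01 +0000] "POST /admin/ajax.php?action=save_movie HTTP/1.1" 200 1 "-" "curl/8.0"',
    '198.51.100.7 - - [13/Jul/2025:23:10:05 +0000] "GET /assets/img/poster.php HTTP/1.1" 200 17 "-" "curl/8.0"',
    '192.0.2.10 - - [13/Jul/2025:23:11:00 +0000] "POST /admin/ajax.php?action=save_movie HTTP/1.1" 200 1 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Jul/2025:23:11:02 +0000] "GET /assets/img/poster.jpg HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Jul/2025:23:12:00 +0000] "GET /assets/img/missing.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]
```

A save_movie call on its own is also what a legitimate admin upload looks like, so the correlation only reports clients whose call is followed by a successful request for a non-image file.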

Added: Jul 13, 2025, 11:34 PM
Updated: Jul 13, 2025, 11:34 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.