Code-Projects Church Donation System Unrestricted File Upload Vulnerability
Vulnerability
A critical unrestricted file upload vulnerability has been identified in Code-Projects Church Donation System version 1.0. The issue resides in the '/members/admin_pic.php' file, where the 'image' parameter can be manipulated to bypass file type and content validation. This allows the upload of malicious files, such as web shells, which can then be executed on the server, leading to arbitrary code execution and potential system compromise. Notably, this vulnerability can be exploited remotely without any authentication.
Impact
Exploitation of this vulnerability allows for the upload and execution of arbitrary files on the server, potentially leading to unauthorized access, data breaches, privilege escalation, manipulation of system data, complete system compromise, or disruption of services.
Reproduction
To reproduce this vulnerability, send a POST request to '/members/admin_pic.php' with the 'image' parameter containing a file disguised as an image (such as a PNG) but actually containing PHP code. The uploaded file will be executed on the server, allowing command execution with the web server's user permissions.
Remediation
It is recommended to implement strict validation of uploaded files, including rigorous checks on file types and extensions, MIME type verification based on the file's actual content, and content inspection to prevent the upload of disguised malicious files. Additionally, uploaded files should be stored outside the web root under server-generated names so they cannot be requested or executed directly, and file system permissions on upload directories should deny execution.
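The following is an added example of a hardened image-upload handler that applies the controls listed above; it is not code from the Church Donation System. It assumes a storage directory outside the document root at /srv/church_uploads (a constructed path), a 2 MiB size limit, and the PHP fileinfo extension. The form field name 'image' is the one named in the advisory.

```php
<?php
// Added example (not the project's code): hardened image upload handling.
// Assumed: /srv/church_uploads lies outside the web root and is not served by the web server.

declare(strict_types=1);

const UPLOAD_DIR = '/srv/church_uploads';   // constructed path, outside the document root
const MAX_BYTES  = 2 * 1024 * 1024;

// Allowed extension => MIME type expected from the file's actual bytes.
const ALLOWED = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry and return the accepted extension.
 * Throws RuntimeException with a generic message on any failure.
 */
function validate_image_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {      // reject paths that did not come from a real upload
        throw new RuntimeException('Invalid upload');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // 1. Extension whitelist. The client-supplied name is only used to pick an extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('File type not allowed');
    }

    // 2. MIME type derived from the bytes on disk, never from $file['type'] (client-controlled).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('File content does not match its extension');
    }

    // 3. Content inspection: the file must parse as an image with sane dimensions.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[0] < 1 || $info[1] < 1 || $info[0] > 4096 || $info[1] > 4096) {
        throw new RuntimeException('Not a valid image');
    }

    return $ext;
}

/**
 * Move a validated upload into the private store under a random, server-chosen name.
 * The original filename is discarded so it can never influence the stored path.
 */
function store_image_upload(array $file): string
{
    $ext  = validate_image_upload($file);
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640);   // readable by the web server user, never executable
    return $name;         // persist this name; serve the file only through serve_image()
}

/**
 * Stream a stored image by its server-generated name. The strict pattern match
 * rules out path traversal and any non-image extension before touching the disk.
 */
function serve_image(string $name): void
{
    if (!preg_match('/^[a-f0-9]{32}\.(png|jpe?g|gif)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . (new finfo(FILEINFO_MIME_TYPE))->file($path));
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile($path);
}

// Usage from the upload form handler (field name 'image' as in the advisory):
// try {
//     $stored = store_image_upload($_FILES['image']);
// } catch (RuntimeException $e) {
//     http_response_code(400);
// }
```

Two points on the design. A file that is a valid PNG can still carry PHP code in a metadata chunk and pass all three checks, so the decisive control is the last one: the file lands outside the web root with no execute permission and is only ever streamed back as a static body, so nothing the interpreter could run is ever reachable by URL. Re-encoding the image with GD or Imagick before storage would additionally discard such embedded payloads. The web server itself should also be configured to refuse to execute scripts in any directory that does accept uploads.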
