Code-Projects Online Ordering System Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Code-Projects Online Ordering System version 1.0. The issue resides in the admin/product.php file, where the image parameter can be manipulated to bypass file type and content validation. This vulnerability can be exploited remotely, enabling attackers to upload malicious PHP scripts, such as web shells, which can then be used to gain full control over the affected system by executing commands, navigating the file system, and accessing sensitive data.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be leveraged to execute malicious scripts on the server. This could lead to unauthorized access and control over the server, allowing attackers to execute system commands, manipulate files, and potentially access sensitive information.

Reproduction

To reproduce this vulnerability, send a POST request to the /admin/product.php file with the image parameter containing a PHP file disguised as an image. The uploaded file will be stored in a web-accessible directory, where it can be executed as a script.

Remediation

It is recommended to implement strict file upload validation, such as whitelisting allowed file types and verifying file contents. Additionally, uploaded files should be stored in non-web-accessible directories, with execution permissions disabled.
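The controls listed above, written out as a hardened handler for the `image` parameter. This is an added example, not code from the Code-Projects Online Ordering System or from this advisory; it assumes the upload arrives in `$_FILES['image']`, that a directory `private_uploads` outside the web root is writable by the PHP process, and that the file is later served back through a separate read-only endpoint (`serveProductImage`) rather than by URL. All of those names and paths are assumptions.

```php
<?php
// Added example (not the project's own code): hardened replacement for the
// image-handling path of admin/product.php. Assumed: $_FILES['image'] is the
// upload, and UPLOAD_DIR is outside the web root and writable.

declare(strict_types=1);

const UPLOAD_DIR       = __DIR__ . '/../../private_uploads'; // assumed path, outside web root
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;

// Allow-list: permitted extension => MIME type the file bytes must report.
const ALLOWED_IMAGES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate an uploaded image and move it to a non-web-accessible directory.
 * Returns the server-chosen stored filename; throws on any failure.
 */
function storeProductImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or missing');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File too large');
    }

    // 1. Extension taken from the client-supplied name and checked against the
    //    allow-list. Only the extension is reused; the name itself never is.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }

    // 2. MIME type derived from the actual bytes (libmagic), not from
    //    $_FILES['type'], which the client controls.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }

    // 3. The bytes must decode as an image with sane dimensions.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[0] < 1 || $info[1] < 1 || $info[0] > 8192 || $info[1] > 8192) {
        throw new RuntimeException('Not a decodable image');
    }

    // 4. Random server-chosen filename with the allow-listed extension, so no
    //    request-controlled string reaches the filesystem path.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('Upload directory unavailable');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    // 5. No execute bit on the stored file; it is outside the web root anyway.
    chmod($dest, 0640);

    return $stored;
}

/**
 * Read-only endpoint that streams a stored image back with a fixed image
 * Content-Type. Because the file lives outside the web root, this is the
 * only way it is reachable, and PHP never interprets it.
 */
function serveProductImage(string $stored): void
{
    if (!preg_match('/^[a-f0-9]{32}\.(jpe?g|png|gif)$/', $stored)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $stored;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $ext = pathinfo($stored, PATHINFO_EXTENSION);
    header('Content-Type: ' . ALLOWED_IMAGES[$ext]);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $stored . '"');
    readfile($path);
}
```

Steps 2 and 3 reject files that merely carry an image extension, but a file that is a genuine image with extra data appended can still pass a MIME and dimension check. That is why the storage controls in steps 4 and 5 (server-chosen name, outside the web root, no execute bit) carry the real weight: even if such a file is stored, the web server never hands it to the PHP interpreter. Re-encoding the image through GD or Imagick before storage is a further hardening step that discards anything outside the decoded pixel data.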

Added: Jul 28, 2025, 5:24 AM
Updated: Jul 28, 2025, 5:24 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.