Campcodes Online Hotel Reservation System Unrestricted File Upload Vulnerability
Vulnerability
A critical vulnerability allowing unrestricted file uploads has been identified in Campcodes Online Hotel Reservation System version 1.0. This issue arises in the file '/admin/edit_room.php', where the 'photo' argument can be manipulated to upload files without any restrictions. The vulnerability can be exploited remotely, and the uploaded files are processed by the 'edit_query_room.php' script, potentially leading to remote code execution.
Impact
Exploitation of this vulnerability allows attackers to upload malicious files, such as web shells, which can be used to execute commands on the server, manipulate or delete files, and even create administrator accounts. This could also lead to a denial-of-service condition or allow the server to be used in a distributed denial-of-service attack. Additionally, the vulnerability could be exploited to access and manipulate database information, including sensitive user data and commercial information, and to replace website content maliciously, harming the site's reputation.
Reproduction
To reproduce this vulnerability, log into the application and navigate to the room type editing page at '/admin/room.php'. Upload an image through the provided upload feature. The request is handled by 'edit_room.php', which applies no file type restriction, and the uploaded file is then processed by the 'edit_query_room.php' script, so a file of any type is accepted and stored.
Remediation
It is recommended to implement strict validation of uploaded files by checking file types and extensions against an allowlist, verifying MIME types on both the client and server sides (the server-side check is the one that can be enforced, since client-side checks are trivially bypassed), and inspecting file contents to prevent the upload of disguised malicious files. Additionally, uploaded files should be stored outside the web root under server-chosen names to prevent direct access and execution, and strict file system permissions should be applied to remove execution rights in upload directories. Finally, consider using secure file upload libraries or frameworks that provide built-in protections.
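As an added example (not the project's own code), the following PHP handler applies these checks to a 'photo' upload the way a hardened 'edit_query_room.php' could: the storage directory, size cap and image allowlist are assumptions.

```php
<?php
// Added example: server-side validation for an image upload such as the
// 'photo' field. UPLOAD_DIR, MAX_BYTES and ALLOWED are assumed values.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app-data/room-photos';   // outside the web root (assumed path)
const MAX_BYTES  = 2 * 1024 * 1024;               // 2 MiB cap (assumed)
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws on any failure.
 */
function storeRoomPhoto(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The client-supplied name and Content-Type are never consulted; both are attacker-controlled.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Sniff the real content type from the bytes on disk.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('unsupported image type');
    }
    // Require a parseable image header as a second, independent content check.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('not a valid image');
    }
    // Random server-chosen name with an extension taken from the allowlist,
    // so no user-supplied string ever reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // readable by the application, never executable
    return $name;
}

// In the form handler, the returned name (not a path) is what gets recorded:
// $photo = storeRoomPhoto($_FILES['photo']);
```

Because UPLOAD_DIR is outside the document root, images must be served through a read-only script that streams the named file, so nothing in that directory is ever reachable by a direct URL.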