Code-Projects eBlog Site Unrestricted File Upload Vulnerability
Vulnerability
A vulnerability allowing arbitrary file uploads has been identified in Code-Projects eBlog Site version 1.0. The issue resides in the file '/native/admin/save-slider.php', within the File Upload Module. This vulnerability allows remote attackers to upload files without restriction, potentially leading to arbitrary code execution.
Impact
Exploitation of this vulnerability allows for unrestricted file uploads, which can be used to execute malicious code on the server.
Reproduction
To reproduce this vulnerability, upload a file through the 'save-slider.php' endpoint using the file upload feature. The uploaded file can be a malicious PHP script. Once the file is uploaded, it can be accessed through the 'all-slider.php' page, where the name of the uploaded file will be displayed. Accessing the file will execute the uploaded script, demonstrating the successful exploitation of the vulnerability.
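A server-side check of the kind that would reject the PHP script upload described above, as an added example that is not code from eBlog Site or from the original advisory. The function name store_slider_image(), the size limit, the allow-list and the destination directory are assumptions.

```php
<?php
// Added example: hardened handler for a slider-image upload.
// store_slider_image(), the 2 MiB limit, the allow-list and $destDir are
// assumptions for illustration, not taken from the eBlog Site source.

function store_slider_image(array $file, string $destDir): string
{
    $maxBytes = 2 * 1024 * 1024; // assumed size cap

    // MIME type detected from the file content => extension chosen by the server.
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Only accept a file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        throw new RuntimeException('File size not accepted');
    }
    // Detect the type from the bytes; ignore the client-supplied
    // $file['type'] and the extension in $file['name'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }
    // The file must also parse as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image');
    }
    // Server-generated name: the stored file never ends in .php and the
    // client-supplied name is never used in a path.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name; // store this name in the slider record
}
```

Storing the files in a directory where the web server does not run PHP adds a second layer if one of these checks is ever bypassed.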
