RemoteClinic Unrestricted File Upload Vulnerability in Edit.php

A critical unrestricted file upload vulnerability has been identified in RemoteClinic versions through 2.0. The issue resides in the file '/staff/edit.php?id=10', where inadequate validation of the 'image' parameter allows for the upload of arbitrary files, including malicious scripts. This vulnerability can be exploited remotely, without any authentication, posing a significant risk to system security and data integrity.

Impact

Exploitation of this vulnerability allows attackers to upload malicious scripts, execute them on the server, gain unauthorized access, manipulate sensitive data, spread malware, and potentially disrupt services.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/staff/edit.php?id=10' with the 'image' parameter containing a file named 'shell.php'. This file should be crafted to include a PHP payload that, when executed, could, for example, run system commands via a web request.

Remediation

It is recommended to implement strict file type validations, set file size limits, store uploaded files outside the web root, rename files upon upload, and conduct regular security audits.