Code-Projects Content Management System Unrestricted File Upload Vulnerability in edit_posts.php

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in Code-Projects Content Management System version 1.0. The issue resides in the admin/edit_posts.php file, where the image argument can be manipulated to bypass file type restrictions. This vulnerability can be exploited remotely, without the need for authentication, allowing attackers to upload malicious files that could be executed on the server, potentially leading to unauthorized control, data theft, or further attacks.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which can be used to execute malicious scripts on the server. This could result in unauthorized server control, data theft, or launching additional attacks that compromise system security.

Reproduction

To reproduce this vulnerability, send a POST request to the admin/edit_posts.php file with the image argument containing a PHP file (e.g., 111.php) disguised as an image file. The Content-Type should be set to 'application/octet-stream' to bypass file type detection. Once uploaded, the PHP file can be accessed and executed as a web shell.
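The defect described above is trusting the client-supplied filename and Content-Type. The following hardened upload handler is an added example, not code from the Code-Projects CMS; it assumes a form field named "image" (the parameter the advisory names), a hypothetical storeImage() function, and an upload directory, size limit and type allowlist chosen here for illustration.

```php
<?php
// Added example, not the CMS's own code. The client's Content-Type header and
// original filename (e.g. "111.php") are never consulted; the decision is made
// from the file's bytes, and the server assigns both the name and the extension.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';   // assumption: a directory the web server never executes PHP from
const MAX_BYTES  = 2 * 1024 * 1024;        // assumption: 2 MiB cap
const ALLOWED    = [                       // MIME type sniffed from content => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Validate one $_FILES entry and return the stored filename, or throw.
function storeImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed: ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected: size or origin');
    }
    // 1. Sniff the real type from the bytes; $_FILES['image']['type'] is
    //    attacker-controlled and deliberately ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("rejected: content type $mime");
    }
    // 2. Require a recognisable image header; a bare PHP script renamed to
    //    .png fails this check.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('rejected: not recognised as an image');
    }
    // 3. Never reuse the client filename: random name plus the extension that
    //    matches the sniffed type, so ".php" can never reach the disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('store failed');
    }
    chmod($dest, 0644); // readable, never executable
    return $name;
}

if (isset($_FILES['image'])) {
    echo storeImage($_FILES['image']);
}
```

A valid image with PHP appended still passes getimagesize(), which is why the forced extension and a non-executing upload directory matter as much as the content check.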

Added: Jan 2, 2026, 5:20 PM
Updated: Jan 2, 2026, 5:20 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 10.0
exploitability: 9.7
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.