Projectworlds House Rental and Property Listing Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Projectworlds House Rental and Property Listing version 1.0. The issue resides in the '/app/register.php?action=reg' file within the Signup component. This vulnerability allows attackers to upload arbitrary files, including malicious scripts, without proper validation of file type, size, content, or storage path. Exploitation of this vulnerability could lead to the execution of malicious code on the server, unauthorized access to the system, and compromise of data security. Notably, no authentication is required to exploit this vulnerability.

Impact

Exploitation of this vulnerability allows for the upload of malicious scripts that can be executed on the server, potentially leading to unauthorized access, control over the server, manipulation of sensitive data, distribution of malware, and disruption of services.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/app/register.php?action=reg' with the 'image' parameter. The request must include a file named '93a20ec4.php.jpg' disguised as an image but containing PHP code, such as a script that executes a command or evaluates a payload. This can be done using a tool like cURL.
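The checks the description lists as missing (file type, size, content and stored name) could be enforced as in the following added example, which is not code from the application or its vendor. `safe_image_name`, `MAX_BYTES`, `ALLOWED` and the 2 MiB limit are assumptions, and both sample files are constructed inline.

```php
<?php
declare(strict_types=1);

// Hypothetical names and limits; not taken from the application's source.
const MAX_BYTES = 2 * 1024 * 1024;   // assumed size limit (2 MiB)
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png']; // detected type => extension

/**
 * Validate an uploaded file by path (e.g. $_FILES['image']['tmp_name']) and return
 * the server-chosen name to store it under. The client file name is never used.
 */
function safe_image_name(string $tmpPath): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('rejected: size');
    }
    // Type is taken from the file's bytes, not from its name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('rejected: type ' . var_export($mime, true));
    }
    // The header must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        throw new RuntimeException('rejected: not a parseable image');
    }
    // Random base name plus allowlisted extension: "x.php.jpg" never reaches disk.
    // A valid image can still carry embedded PHP, so the destination directory
    // should sit outside the web root or have script execution disabled.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
}

// Constructed sample inputs: a text file with a PHP tag, and a PNG signature + IHDR.
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "<?php echo 'constructed sample'; ?>");
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('NN', 1, 1) . "\x08\x06\x00\x00\x00");

foreach (['93a20ec4.php.jpg' => $fake, 'photo.png' => $png] as $clientName => $path) {
    try {
        echo $clientName, ' -> stored as ', safe_image_name($path), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $clientName, ' -> ', $e->getMessage(), PHP_EOL;
    }
    unlink($path);
}
```

In a real handler the returned name would be passed to `move_uploaded_file()` together with a fixed destination directory, so neither the path nor the extension comes from the request.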

Added: Jan 7, 2026, 12:22 PM
Updated: Jan 7, 2026, 5:50 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 0.0
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.