CODEASTRO Membership Management System
cpe:2.3:a:codeastro:membership_management_system:*:*:*:*:*:*:*
- 1.0
A remote code execution vulnerability exists in CODEASTRO Membership Management System version 1.0, specifically within the file upload feature of '/add_members.php'. The issue arises from inadequate file validation, allowing attackers to upload malicious files that can be executed on the server.
Exploitation of this vulnerability allows for arbitrary command execution on the server, potentially leading to a full server compromise.
To reproduce this vulnerability, log into the application and navigate to '/add_members.php'. Use a proxy tool to intercept the file upload request. Replace the uploaded image file with a PHP script containing executable code, ensuring it has a '.php' extension. After uploading, access the file through the browser and execute a command via a URL parameter to confirm successful exploitation.
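The missing control is server-side validation of the uploaded file. The following is an added example of a hardened upload handler, not code from the application or its vendor; the form field name 'photo', the storage path and the function name store_member_photo are assumptions made for illustration.

```php
<?php
// Added example: hardened image upload. The field name 'photo', the storage
// path and this function name are hypothetical, not taken from the application.
declare(strict_types=1);

const ALLOWED_TYPES = [            // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024; // constructed limit for the example

function store_member_photo(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Rejected: not an upload or too large');
    }
    // Decide the type from the file content. The client-supplied filename and
    // Content-Type header can both be rewritten in an intercepting proxy.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Rejected: not an allowed image type');
    }
    // Server-generated name with an allowlisted extension: the original
    // filename, including any '.php' suffix, never reaches the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name; // store this value in the member record
}

// Usage in the upload handler. The directory is outside the web root, so a
// file that passes the content checks is still never run by the PHP handler.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['photo'])) {
    try {
        $stored = store_member_photo($_FILES['photo'], '/var/lib/membership/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Invalid image upload');
    }
}
```

Content checks alone do not stop a valid image that also carries embedded script, which is why the example forces the extension and keeps stored files where the web server will not execute them.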