SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.
The vulnerability (CWE-434) results from the lack of proper validation of uploaded files through the user_proposal_update_order.php endpoint. An attacker can upload a malicious executable file (e.g., PHP webshell) without any restrictions on file type, extension, or content. After the file is loaded on the server, it is possible to execute it, leading to remote code execution in the context of the web server. The attack does not require authentication or user interaction and can be conducted remotely over the network.
The attacker gains the ability to execute arbitrary code remotely on the server, which can lead to complete system takeover, data theft, modification or destruction, as well as lateral movement within the network infrastructure.
Apply patches available from the vendor according to the references. As immediate remedial measures, it is recommended to restrict access to the user_proposal_update_order.php file at the firewall or web server level, implement strict validation of file types and extensions, and store files outside the directory directly accessible by the web server.
SourceCodester Client Database Management System version 1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLerouxyxchire Client Database Management System
APPLerouxyxchire1.0
Related vulnerabilities
SQL Injection w SourceCodester Client Database Management System 1.0
SQL Injection w SourceCodester Client Database Management System 1.0
SQL Injection w SourceCodester Client Database Management System 1.0
Dowolne przesyłanie plików i RCE w SourceCodester Client Database Management System 1.0
SQL Injection w SourceCodester Client Database Management System 1.0