File Upload vulnerability from phpgurukul Boat Booking System 1.0 (change-image.php)
CVE-2024-10161
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects some unknown functionality of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image with an unknown input leads to an unrestricted upload vulnerability. CWE classifies the issue as CWE-434. The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. This has an impact on confidentiality, integrity, and availability.
Affected Project: Boat Booking System 1.0
Official Website: https://phpgurukul.com/boat-booking-system-using-php-and-mysql/
Version: 1.0
Related Code file: change-image.php
Vulnerability Description
A user can update a boat image through change-image.php.
The web application doesn’t sanitize or filter the image being uploaded, making it vulnerable to arbitrary file upload, which can also lead to Remote Code Execution.
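A hardened handler for this kind of image upload, as an added example that is not the project's own code. The field name `image` comes from the advisory; `UPLOAD_DIR`, `MAX_BYTES`, the allow-list and the function name `store_boat_image` are assumptions made for illustration.

```php
<?php
// Added example: server-side validation for an image upload (CWE-434 mitigation).
// Assumptions: UPLOAD_DIR, MAX_BYTES and store_boat_image() are hypothetical names.
const UPLOAD_DIR = __DIR__ . '/images/boats';   // hypothetical storage directory
const MAX_BYTES  = 2 * 1024 * 1024;             // hypothetical 2 MiB limit
// Allow-list: MIME type detected from file content => extension chosen by the server.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_boat_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Invalid size');
    }
    // Detect the type from the bytes on disk. The client-supplied filename,
    // extension and Content-Type header are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed');
    }
    // The content must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }
    // Server-generated name with an allow-listed extension only.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['image'])) {
    try {
        $stored = store_boat_image($_FILES['image']);
        // Save $stored in the boat record instead of the original filename.
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Image rejected');
    }
}
```

The upload directory should also be configured on the web server so that script execution is disabled there, since a file that passes image parsing can still carry embedded code.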
Demonstration
Below is what change-image.php looks like:
Let’s upload a random image and intercept the upload traffic using Burp Suite:
In Burp Suite Intruder, we can try sending the request with various file extensions and Content-Type values, and everything gets accepted:
Going to the main website, we can see that our file was uploaded successfully: