Vulnerability Report Affected Product Online Voting System – Arbitrary File Upload Vulnerability Vendor Homepage https://itsourcecode.com/free-projects/php-project/online-voting-system-project-in-php-with-source-code/ Affected and/or Fixed Versions Version: V1.0 Vulnerable File /Voting/index.php?page=manage_voting&id=4 Vulnerability Type Arbitrary File Upload Vulnerability Description The /Voting/index.php?page=manage_voting&id=4 script suffers from insufficient validation and filtering of uploaded files. An attacker can upload malicious files (e.g., a PHP web shell) disguised with harmless extensions such as .jpg. These files are then stored in publicly accessible directories, allowing them to upload and execute arbitrary files through a web browser, potentially compromising the entire server and exposing sensitive data. Root Cause The /Voting/index.php?page=manage_voting&id=4 script does not properly validate or restrict uploaded files. Attackers can upload malicious files (e.g., PHP web shells) without adequate checks, leading to possible remote code execution on the server. Impact Successful exploitation allows attackers to: Achieve full server compromise Steal or manipulate sensitive data Gain unauthorized access to confidential information Cause service disruption or denial of service Vulnerable Location /Voting/index.php?page=manage_voting&id=4 Proof of Concept (PoC) 1. Prepare a simple PHP web shell payload. 2. Rename the file extension from .php to .jpg (e.g., shell.jpg) to bypass basic type checks. 3. Use the profile picture upload function in userprofile.php to upload the file. 4. Intercept the request using Burp Suite. 5. Modify the Content-Type and other necessary headers so the server processes it as PHP despite the .jpg extension. 6. After successful upload, access the file via a public path.