CVE-2022-43231
Description
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Canteen Management System v1.0 has an arbitrary file upload vulnerability in manage_website.php allowing authenticated attackers to execute arbitrary PHP code.
Vulnerability
Canteen Management System v1.0, available from SourceCodester, contains an arbitrary file upload vulnerability in the /youthappam/manage_website.php file. The application fails to properly validate file uploads, allowing an authenticated administrator to upload arbitrary PHP files. The vulnerability is present in the website image upload functionality [1].
Exploitation
An attacker must first authenticate as a super admin using credentials such as mayuri.infospace@gmail.com/rootadmin [1]. Once logged in, the attacker can send a crafted HTTP POST request to /youthappam/manage_website.php with a malicious PHP file (e.g., shell.php) as the website_image parameter. The request includes multipart form data with the PHP payload in the file content [1].
Impact
Successful exploitation allows the attacker to execute arbitrary PHP code on the web server, leading to full remote code execution. The attacker can potentially gain complete control over the application and server, including data access, modification, or further compromise [1].
Mitigation
No official patch or fix has been released by the vendor as of the publication date (October 28, 2022). Users are advised to restrict access to the admin panel, implement strong authentication, and consider disabling the file upload functionality if not required. The vendor may have a newer version that addresses this issue, but it is not confirmed [1].
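The Vulnerability section attributes the flaw to missing validation of the uploaded website image. The following is an added example, not code from Canteen Management System or the cited reference: a PHP handler for the website_image field that decides the file type from the file's content and stores it under a server-generated name. The function name, UPLOAD_DIR and the size limit are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical storage location and limit; not taken from the application.
const UPLOAD_DIR = __DIR__ . '/uploads/website';
const MAX_BYTES  = 2 * 1024 * 1024;
// Allowlist: detected MIME type => extension written to disk.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validates one $_FILES entry and stores it under a server-generated name.
 * Returns the stored file name; throws RuntimeException on any rejection.
 */
function store_website_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = (string) $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('not an upload or too large');
    }
    // Decide the type from the file's bytes, never from the client-supplied
    // name or Content-Type, so "shell.php" cannot choose its own extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = ALLOWED[(string) $mime] ?? null;
    if ($ext === null || @getimagesize($tmp) === false) {
        throw new RuntimeException('not an accepted image');
    }
    // The stored name is random and carries only an allowlisted extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage inside the request handler for the website image form.
if (isset($_FILES['website_image'])) {
    try {
        $stored = store_website_image($_FILES['website_image']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Upload rejected');
    }
}
```

Content checks alone do not stop an image that also carries PHP text, so the upload directory should additionally be configured so the web server does not execute scripts from it.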
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Canteen Management System/Canteen Management System
- Range: = 1.0
Patches
No patches discovered yet.
References