| Title | Codeastro Restaurant POS System 1.0 Remote Code Execution via Unrestricted File Upload |
|---|
| Description | The Restaurant POS System does not adequately validate file uploads, so an attacker can upload a file with arbitrary content, such as a PHP script, in place of a legitimate file. The uploaded file then acts as a web shell, giving the attacker the ability to execute arbitrary code on the server. The upload is performed through the Cashier account, which can update product information and maintain orders, at 'update_product.php'. Browsing to the path of the uploaded file runs it, and commands can then be executed through the uploaded shell. It can also be accessed through the user account.
Vulnerability Details:
- Vulnerability Type: Remote Code Execution (RCE) via Unrestricted File Upload.
- Affected URL: http://localhost/RestaurantPOS/Restro/customer/orders.php
- Affected URL: http://localhost/RestaurantPOS/Restro/cashier/products.php
- Exploited Endpoint (upload handler): http://localhost/RestaurantPOS/Restro/cashier/update_product.php
Mitigation Recommendations:
Mitigating this Unrestricted File Upload and Remote Code Execution (RCE) vulnerability requires strict server-side upload controls: accept only an allowlist of expected file types, decided from the file content rather than the client-supplied filename or Content-Type header, and reject every other extension. Verify the content of uploaded files (for product images, that the bytes actually parse as an image) so that files carrying executable code are refused, store them under a server-generated name, and serve them from a location where the web server does not execute scripts. Also implement robust input validation and sanitization on the rest of the update handler to prevent command injection and other code execution exploits.
|
|---|
| Source | https://drive.google.com/drive/folders/1utXNnlH67FjUaBsYhw1cQWyZsO9MLy1i?usp=sharing |
|---|
| User | VishnuDev1 (UID 63087) |
|---|
| Submission | 02/05/2024 21:34 (2 years ago) |
|---|
| Moderation | 02/06/2024 09:43 (12 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 253011 [CodeAstro Restaurant POS System 1.0 update_product.php unrestricted upload] |
|---|
| Points | 20 |
|---|
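The mitigation recommendations above describe what a safe product-image upload handler must do: decide the type from the bytes, allowlist a few image types, refuse everything else, and never reuse the client filename. The following is an added example of such a handler, written for this page; it is not CodeAstro's code and does not reproduce the vulnerable 'update_product.php'. The form field name `product_image`, the `uploads/products` directory, the 2 MiB size limit and the JPEG/PNG/GIF allowlist are assumptions chosen for the example.

```php
<?php
// Added example (not from the CodeAstro Restaurant POS project): a hardened
// image-upload routine for a product update form. Field name, upload
// directory, size limit and allowed types are assumptions for illustration.

declare(strict_types=1);

// Allowlist keyed by the MIME type detected from the file CONTENT; the value
// is the extension the server will assign. The client never picks either.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024; // assumed 2 MiB limit

/**
 * Validate one entry of $_FILES and move it into $uploadDir.
 * Returns the server-generated file name on success, throws on any failure.
 */
function store_product_image(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . (string) $file['error']);
    }
    if ((int) $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File exceeds the size limit');
    }
    // Refuse anything that did not arrive through the HTTP upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }

    // Detect the type from the bytes; $file['type'] and $file['name'] are
    // attacker-controlled and must not influence this decision.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Unsupported content type: ' . (string) $mime);
    }

    // The file must also parse as an image; a PHP script with a forged
    // magic header fails this check.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image');
    }

    // Random server-chosen name plus server-chosen extension: the original
    // name (e.g. "shell.php" or "shell.php.jpg") is discarded entirely.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store the uploaded file');
    }
    // Readable by the web server, not executable.
    chmod($dest, 0644);

    return $name;
}

// Usage from the product update handler, after the request has been
// confirmed to come from an authenticated cashier (assumed field/path):
//
// try {
//     $stored = store_product_image($_FILES['product_image'], __DIR__ . '/../uploads/products');
//     // persist $stored (the generated name) with the product record
// } catch (RuntimeException $e) {
//     http_response_code(400);
//     echo 'Upload rejected';
// }
```

The content check alone is not sufficient on its own: a well-formed GIF or JPEG can carry PHP code in a comment block and still pass `getimagesize()`. What closes the RCE is the combination of the server-assigned extension (the file can never end in `.php`) and a web-server rule that nothing under the uploads directory is executed as PHP (for example an Apache directory rule that denies `.php` files or disables the PHP engine there, or an nginx `location` that serves the directory as static files only). The access check before the call is also essential: the cashier role must be verified server-side on every request to the update handler, not only when rendering the form.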