A critical vulnerability has been identified in the phpgurukul Online Shopping Portal, which allows an authenticated attacker to upload malicious files to the server. Successful exploitation could lead to a complete compromise of the web server, enabling the attacker to steal sensitive data, deface the website, or use the server for further malicious activities. Due to the high severity of this flaw, immediate remediation is strongly recommended.

The vulnerability is an Arbitrary File Upload located in the /admin/insert-product.php script. The application fails to properly validate the file extension of images uploaded when a new product is added. An authenticated attacker with access to the admin panel can bypass the intended file type restrictions and upload a file with an executable extension (e.g., .php). Once the malicious file is uploaded, the attacker can access it via its URL, causing the web server to execute the code within the file, which typically results in a web shell and remote code execution on the server.

This vulnerability is rated as critical with a CVSS score of 9.1. Exploitation could have a severe impact on the business, leading to a complete compromise of the web server. Potential consequences include the theft of sensitive customer data, payment card information, and intellectual property; website defacement causing significant reputational damage; and the use of the compromised server to attack other systems or host malicious content. The resulting financial losses from operational downtime, incident response, and potential regulatory fines could be substantial.

Immediate Action: The primary remediation is to update the phpgurukul Online Shopping Portal to the latest version provided by the vendor, which addresses this vulnerability. After patching, review web server access logs and file system upload directories for any signs of exploitation that may have occurred prior to the update.

Proactive Monitoring:

• Log Analysis: Scrutinize web server logs for POST requests to /admin/insert-product.php. Look for any uploaded filenames with suspicious extensions (e.g., .php, .phtml, .php5) or attempts to traverse directories.
• File Integrity Monitoring: Implement monitoring on the web application's upload directories to detect the creation of any non-image or unexpected executable files.
• Network Traffic: Monitor for any unusual outbound connections originating from the web server, which could indicate a reverse shell established by an attacker.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Use a Web Application Firewall (WAF) to inspect and block malicious file uploads based on file extension and content.
• Restrict access to the /admin/ portal to trusted IP addresses only.
• Configure the web server to prevent script execution in the directory used for product image uploads.

Public Exploit Available: False

Given the critical severity (CVSS 9.1) and the potential for complete system compromise, it is imperative that organizations apply the vendor-provided security update to all affected phpgurukul Online Shopping Portal instances immediately. Although this CVE is not currently listed on the CISA KEV catalog, its high impact makes it a prime target for exploitation. If patching cannot be performed immediately, the compensating controls listed above should be implemented as a matter of urgency to mitigate the immediate risk.