Litsasuk

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Web-based Pharmacy Product Management System version 1.0 Sourcecodester Web-based Pharmacy Product Management System version 0.0.1 **Description** The issue allows an attacker to upload a PHP file disguised as an image by modifying the `Content-Type` header to `image/jpg`. This can be exploited by changing the header to mimic an image file, allowing the upload of malicious PHP code. **Recommendations** For version 1.0, update the file upload validation to check the actual file type rather than relying on the `Content-Type` header. For version 0.0.1, implement a secure file upload mechanism that verifies the file type and prevents the upload of executable code, such as PHP files. As a temporary workaround, consider disabling the file upload feature until a secure update is available.