Complaint Management System version 1.0 suffers from a remote shell upload vulnerability.
************************************************************************************
# Title: Complaint Management System v1.0- unrestricted file upload leading to RCE
# Exploit Author: Mohamed Elobeid (0b3!d)
# Date: 2020-08-21
# Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14206&title=Complaint+Management+System
# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4
# Description: Users can upload php files and then can execute these file from the url http://target/Complaint%20Management%20System/users/complaintdocs/phpinfo.php leading to RCE .
#POC
1-create phpinfo.php with the content "<?php phpinfo(); ?>""
2-login as a normal user, register a new compliant and attach phpinfo.php
3--browse your submitted complaint and view the attached file
************************************************************************************************
