RediUX/RediUX_

Unrestricted File Upload Vulnerability


Description:

The content cover feature currently accepts any file type, from images to executable files. This is a significant security risk: an uploaded executable can carry harmful code that compromises the system, and the ease of adding such files through the content management interface makes the vulnerability worse.

Steps to Reproduce:

  1. Log in to the admin panel with the necessary credentials.
  2. Navigate to the content management section and select the option to add new content.
  3. Fill in the required fields with the relevant information for the new content.
  4. Attempt to add a cover image, but instead, select an executable file or another non-image file type.
  5. Submit the content and observe the error that occurs due to the inappropriate file type.

Rationale:

This issue is critical as it can lead to unauthorized code execution within the system, posing a severe security threat. The content cover feature's lack of file type validation undermines the integrity of the application and can result in the execution of malicious code. Addressing this issue is imperative to maintain the security and stability of the system, especially before implementing any architectural changes that could be affected by this vulnerability.

Important Note:
This is a significant architectural change that requires meticulous planning and testing to ensure that the introduction of new features does not compromise the system's security. It is crucial to implement robust file validation checks to prevent such vulnerabilities in the future.
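As an added illustration of the kind of validation check called for above (example code written here, not part of RediUX), the function below accepts a cover only when its extension is on an image allowlist and its leading bytes match that format, so a renamed executable is rejected; the size limit and the random storage name are assumptions.

```python
# Added example (not RediUX code): server-side validation for a "content cover"
# image upload. A file is accepted only if its extension is allowlisted AND its
# leading bytes (magic numbers) match that format, so a renamed executable or
# script cannot pass as a cover image.
import os
import secrets

ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".webp"}
MAX_COVER_BYTES = 5 * 1024 * 1024  # assumed size limit for a cover image

# Magic numbers for the allowed formats (extension -> acceptable prefixes).
MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".webp": [b"RIFF"],  # additionally, bytes 8..12 must read b"WEBP"
}


class InvalidCoverFile(ValueError):
    """Raised when an uploaded cover is not an acceptable image."""


def validate_cover(filename: str, data: bytes) -> str:
    """Validate an uploaded cover and return a safe name to store it under.

    Raises InvalidCoverFile on any mismatch. The returned name is random and
    carries only the allowlisted extension, so the client-supplied filename
    never reaches the filesystem.
    """
    if not data:
        raise InvalidCoverFile("empty upload")
    if len(data) > MAX_COVER_BYTES:
        raise InvalidCoverFile("cover exceeds the size limit")
    # Only the final extension counts; "cover.php.png" still has to be a real PNG.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise InvalidCoverFile(f"extension {ext!r} is not an allowed image type")
    if not any(data.startswith(sig) for sig in MAGIC[ext]):
        raise InvalidCoverFile("file content does not match its extension")
    if ext == ".webp" and data[8:12] != b"WEBP":
        raise InvalidCoverFile("file content does not match its extension")
    return f"{secrets.token_hex(16)}{ext}"
```

The same check should run on the server for every upload path (admin panel included), since the client-side file picker can be bypassed trivially.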