Sourcecodester Covid-19 Contact Tracing System version 1.0 contains a critical Remote Code Execution (RCE) vulnerability. The vulnerability allows attackers to upload malicious PHP files through the user image upload functionality, enabling them to execute arbitrary code on the server. This can be exploited to establish reverse shells and gain unauthorized access to the system. The flaw appears to be related to insufficient input validation and file upload restrictions in the application's image handling component.