sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.

sourcecodester Personnel Property Equipment System version 1.0 contains an arbitrary code execution vulnerability in the admin_change_picture.php file located in the admin directory. This remote code execution (RCE) vulnerability allows attackers to execute arbitrary code on the affected system. The vulnerability is present in the image upload functionality within the administrative interface. This represents a critical security flaw that could allow complete system compromise. The vulnerability has been documented with proof-of-concept details available on GitHub.