A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
Customer Relationship Management System - Unrestricted File Upload
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. .