An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html