Description
Vulnerable file: \Application\Home\Controller\HomeController.class.php
The vulnerable code is as follows:
The file passed in by the request is included directly, and it is not filtered in any way.

Steps to reproduce:
1. First, create a 1.txt file in the root directory of the website. This can be any file in the root directory of the website.

2. The code in the 1.txt file is as follows:

3. Visit the URL http://www.xxx.com/index.php?m=home&c=home&a=sp_set_config and use the POST method to pass in $file and $config_array.

4. You can see that shell.php is successfully generated in the root directory of the website.

5. Use a backdoor tool to connect to shell.php.

Repair suggestions:
1. Restrict incoming files to the php suffix.
2. Specify the incoming filename.
3. Detect and filter the content of incoming files.
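
One way to implement suggestions 1 and 2, as an added example that is not the project's code: the request supplies only a key, the server appends the suffix, and the resolved path must stay inside a config directory. The function name, directory layout and allowlist entries are hypothetical.

```php
<?php
// Added example, not the project's code. resolve_config_file(), the config
// directory and the allowlist entries are hypothetical.

/**
 * Map a caller-supplied config name to a file that may be included.
 * Returns the resolved path, or null when the request must be rejected.
 */
function resolve_config_file(string $name, string $configDir, array $allowed): ?string
{
    // Suggestion 2: only names from a fixed allowlist are accepted, so the
    // request never supplies a path, only a key.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    $base = realpath($configDir);
    // Suggestion 1: the .php suffix is appended by the server, not the caller.
    $path = realpath($configDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // Defence in depth: once symlinks and ".." are resolved, the file must
    // still sit inside the config directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one legitimate config file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cfg_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'site.php', "<?php return ['title' => 'demo'];");

$allowed = ['site', 'mail']; // 'mail' is allowed but has no file on disk
foreach (['site', 'mail', '1.txt', '../1.txt', 'site.php'] as $name) {
    $path = resolve_config_file($name, $dir, $allowed);
    printf("%-10s => %s\n", $name, $path === null ? 'rejected' : 'include ' . basename($path));
}

// Remove the constructed demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'site.php');
rmdir($dir);
```

Only `site` resolves to a file; the other four inputs are rejected before any `include` would run.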