Vulnerability description:
There is an arbitrary file upload vulnerability which allows remote attackers to execute arbitrary code. The system server does not perform file suffix detection on the administrator avatar upload function.
POC:
We change the filename to "t.php":

The webshell has been uploaded:
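
A server-side check that addresses the missing suffix detection described above, as an added example that is not part of the original report or the affected project's code. It assumes a PHP application (inferred from the `.php` payload); `avatar_extension`, `store_avatar` and the size limit are hypothetical.

```php
<?php
declare(strict_types=1);

// Allowlist: detected MIME type => extension the server will assign.
const AVATAR_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Returns the extension to store under, or null; decides on file bytes, never the client-supplied name.
function avatar_extension(string $path): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !isset(AVATAR_TYPES[$mime])) {
        return null;
    }
    // Second check: the bytes must parse as an image of the same type.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    return AVATAR_TYPES[$mime];
}

// Hypothetical handler for one $_FILES entry; $dir should not be configured to run scripts.
function store_avatar(array $file, string $dir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || $file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('upload failed or too large');
    }
    $ext = avatar_extension($file['tmp_name']);
    if ($ext === null) {
        throw new RuntimeException('not an allowed image type');
    }
    // Server-chosen name: a filename such as "t.php" never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        throw new RuntimeException('could not store upload');
    }
    return $name;
}

// Constructed samples (CLI only): a PHP script like the PoC's t.php, and a 1x1 PNG.
if (PHP_SAPI === 'cli') {
    $png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
    foreach (['t.php' => "<?php echo 'constructed sample'; ?>", 'a.png' => $png] as $label => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'av');
        file_put_contents($tmp, $bytes);
        echo $label, ' => ', avatar_extension($tmp) ?? 'rejected', PHP_EOL;
        unlink($tmp);
    }
}
```

Because a valid image can still carry embedded script text, the server-assigned extension and a storage directory where script execution is disabled are what keep an uploaded file from being run.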
