classcms
The file management function module of Classcms<=3.5 has an arbitrary file upload vulnerability.
Classcms modules are downloaded through its official website. All versions of the downloaded modules of the cms are the same. Therefore, as long as the functional module is installed, this vulnerability must exist. It belongs to full version pass kill. First, look at the code
It can be said that the door is open. You can upload PHP directly without any interception. And this function does not match the upload blocking of the website itself.
