BUG_Author: zhengjiasheng
Vulnerability URL: /philosophy/admin/products/controller.php?action=add
The POST form-data parameter 'filename' allows arbitrary file upload.
Steps to reproduce
1. Go to the admin Dashboard:
http://localhost/philosophy/admin/login.php
System Admin Access information:
Username: janobe Password: admin
2. Click on Products, click on + News and select Products.
3. Upload the image Trojan, and append the file suffix .php through Burp Suite.
4. Access the link to the uploaded image Trojan; you can execute any command.
For example, the dir command.
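
One way to close this on the server side, as an added example that is not the application's own code: the stored extension is derived from the detected file content, never from the client-supplied name. The function name `store_product_image`, the upload directory, the size limit and reading the field as `$_FILES['filename']` are assumptions.

```php
<?php
// Added example, not the application's code. store_product_image(), the
// upload directory and the 2 MiB limit are assumptions for illustration.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_product_image(array $file, string $uploadDir): string
{
    // Reject failed uploads and array-shaped (multi-file) error fields.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed.');
    }
    // Only accept a temp file that PHP itself received over HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload.');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('File too large.');
    }

    // Detect the type from the file content; $file['name'] and
    // $file['type'] are client-controlled and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_IMAGE_TYPES[$mime] ?? null) : null;
    if ($ext === null || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted.');
    }

    // Server-generated name with an allow-listed extension: a ".php"
    // suffix appended in transit cannot reach the stored file name.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload.');
    }
    chmod($dest, 0644);
    return $name;
}

// Usage in the upload handler (field name taken from the report above):
// $stored = store_product_image($_FILES['filename'], '/path/to/uploads');
```

Serving the upload directory with PHP execution disabled gives a second layer if one of these checks is ever bypassed.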


