CVE-2021-35261: Unrestricted File Upload to RCE vulnerability found in BearAdmin · Issue #16 · yupoxiong/BearAdmin
File Upload Vulnerability in yupoxiong BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint.
In application/admin/controller/EditorController.php, editor file uploads are handled through the server function.
Then, in extend/tools/UEditor.php, the function upFile
does not check the extension of the file before saving it to local storage.
So when uploading a file/image/video, we can upload a PHP file to get a shell.
I tested this vulnerability in your demo and demonstrated that it exists; please fix it as soon as possible.
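For readers looking at the fix side, the following is an added example of the kind of server-side check the report says upFile lacks. It is not BearAdmin's or UEditor's own code, and the class name, the allowlist contents, the `upfile` field name and the upload directory are all assumptions chosen for illustration.

```php
<?php
// Added example, not project code: allowlist-based validation for an
// editor upload handler. All names here are hypothetical.

declare(strict_types=1);

final class UploadValidator
{
    /** Allowed extensions per upload type, each paired with the MIME type it must have. */
    private const ALLOWED = [
        'image' => ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'],
        'video' => ['mp4' => 'video/mp4', 'webm' => 'video/webm'],
        'file'  => ['pdf' => 'application/pdf', 'zip' => 'application/zip', 'txt' => 'text/plain'],
    ];

    /**
     * Validate an uploaded file and return the extension it may be stored under.
     * Anything not on the allowlist is rejected; the handler never writes it.
     */
    public static function validate(string $type, string $originalName, string $tmpPath): string
    {
        if (!isset(self::ALLOWED[$type])) {
            throw new RuntimeException('unknown upload type');
        }
        $allowed = self::ALLOWED[$type];

        // Judge only the final extension, lower-cased, so case variants and
        // multi-dot names are decided by their last component; the content
        // check and the server-chosen filename below cover the rest.
        $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
        if (!isset($allowed[$ext])) {
            throw new RuntimeException('extension not allowed');
        }

        // Inspect the bytes on disk, not the client-supplied $_FILES[...]['type'].
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $mime  = $finfo->file($tmpPath);
        if ($mime !== $allowed[$ext]) {
            throw new RuntimeException('content does not match extension');
        }
        return $ext;
    }

    /** Server-chosen filename: the client-supplied name never becomes part of the path. */
    public static function storedName(string $ext): string
    {
        return bin2hex(random_bytes(16)) . '.' . $ext;
    }
}

// Usage inside a hypothetical upload action (field name 'upfile' is assumed):
// $ext  = UploadValidator::validate('image', $_FILES['upfile']['name'], $_FILES['upfile']['tmp_name']);
// $dest = '/var/www/uploads/' . UploadValidator::storedName($ext);   // assumed directory
// if (!move_uploaded_file($_FILES['upfile']['tmp_name'], $dest)) {
//     throw new RuntimeException('store failed');
// }
```

Two points in the design carry most of the weight: the extension is checked against a per-type allowlist rather than a denylist of script extensions, and the stored path is built from a random server-chosen name, so the uploaded filename never reaches the filesystem. Serving the upload directory with script execution disabled is a sensible second layer, but it does not replace the check above.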