Critical Vulnerability Information Vulnerability Type Arbitrary File Upload Vulnerability Vulnerability Location Prerequisites Administrator privileges required Vulnerability Description During system setup, the website directory permissions must be set to 777; otherwise, file uploads will fail. The code does not filter sensitive file types (such as PHP files), allowing attackers to upload malicious scripts (e.g., web shells). Code Example Attack Vector (POC) Consequences A PHP web shell file is successfully uploaded and can be parsed and executed. Newly uploaded files will overwrite existing files with the same name.