A123456

**Name of the Vulnerable Software and Affected Versions** ProudMuBai GoFilm versions 1.0.0 through 1.0.1 **Description** A flaw exists in ProudMuBai GoFilm that allows for unrestricted file uploads. This issue is located within the `SingleUpload` function of the `/server/controller/FileController.go` file. The `File` argument can be manipulated to achieve this. The attack can be initiated remotely, and a publicly available exploit exists. The vendor was notified but did not respond. **Recommendations** Update ProudMuBai GoFilm to a version newer than 1.0.1. As a temporary workaround, restrict access to the `SingleUpload` function in `/server/controller/FileController.go` until a patch is available.