Xiaoabai

**Name of the Vulnerable Software and Affected Versions** taocms version 3.0.2 **Description** The issue allows attackers to execute arbitrary code via a crafted PHP file. This is exploited through manipulation of the `upext` variable at the "/include/Model/Upload.php" endpoint. **Recommendations** For taocms version 3.0.2, consider disabling the file upload functionality until a patch is available to prevent exploitation. Restrict access to the "/include/Model/Upload.php" endpoint to minimize the risk of arbitrary code execution. Avoid using the `upext` variable in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.