Risky path: /admin.php/appcenter/local.html?type=addon
The system allows users to import external plug-ins. By constructing a malicious compressed package, a user can execute commands and obtain system permissions.

Version: v2.2.4.230206

e.g. Plug-in file structure:

After the plug-in is uploaded, the system executes the PHP file inside the compressed package,
so we can control the contents of the PHP files and execute high-risk commands.
As shown, config.php contains an echo phpinfo() command.

Then package the files into a zip file and upload it.
After running this plug-in, we can see in the response that the "phpinfo()" command has been executed.
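
A pre-install check for uploaded plug-in archives, as an added example that is not code from this report or from the affected project: it refuses to trust an archive whose SHA-256 is not on an allowlist and reports entries a PHP-enabled server could execute, entries that escape the extraction directory, and symlinks. The function names, the extension list and the sample archive are assumptions made for illustration.

```python
import hashlib
import io
import posixpath
import stat
import zipfile

# Extensions a PHP-enabled web server may execute (assumed list; match it to the server config).
EXECUTABLE_EXTS = (".php", ".phtml", ".phar", ".php5", ".php7", ".inc")


def audit_plugin_zip(data, trusted_sha256=frozenset()):
    """Return findings for an uploaded plug-in archive; an empty list means none."""
    findings = []
    # An archive that is not on the publisher allowlist is never trusted to run code.
    if hashlib.sha256(data).hexdigest() not in trusted_sha256:
        findings.append("untrusted-archive")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            norm = posixpath.normpath(name)
            # Absolute names or ".." components would write outside the plug-in directory.
            if name.startswith("/") or norm == ".." or norm.startswith("../"):
                findings.append("path-traversal:" + info.filename)
            # The upper 16 bits of external_attr hold the Unix mode of the entry.
            if stat.S_ISLNK(info.external_attr >> 16):
                findings.append("symlink:" + info.filename)
            if name.lower().endswith(EXECUTABLE_EXTS):
                findings.append("server-executable:" + info.filename)
    return findings


def build_sample_zip(files):
    """Build a constructed in-memory archive from {name: content} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: a plug-in whose config.php carries code, as in the report.
SAMPLE = build_sample_zip({
    "demo/config.php": "<?php echo phpinfo();",
    "demo/readme.txt": "constructed sample",
})

if __name__ == "__main__":
    for finding in audit_plugin_zip(SAMPLE):
        print(finding)
```

An installer that must accept PHP inside plug-ins can still use the digest allowlist as the gate and treat the remaining findings as review input.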
