pear-admin-think V2.1.2 Arbitrary file upload vulnerability

Arbitrary file upload vulnerability exists in pear-admin-think V2.1.2
pear-admin-think V2.1.2 has an arbitrary file upload vulnerability, which allows remote attackers to control the server by uploading files

url: /admin.php/index/upload

Vulnerability file:app/common/service/UploadService.php
```
	private static function validate($file)
    {
        $v = new Validate();
        $v->rule([
            'file|图片' =>'fileSize:102400,fileExt:jpg,png,gif'
         ]);
        return $v->failException(true)->check($file);
    }
```

Vulnerability exploitation:
1.Log in backstage
2.upload file

![1](https://images.gitee.com/uploads/images/2021/0326/105930_dda0f2ea_5009750.png "snipaste_20210326_104226.png")
![2](https://images.gitee.com/uploads/images/2021/0326/110004_7b839f5c_5009750.png "snipaste_20210326_104451.png")
![3](https://images.gitee.com/uploads/images/2021/0326/110031_645b000e_5009750.png "snipaste_20210326_104720.png")
![4](https://images.gitee.com/uploads/images/2021/0326/110048_1d08c033_5009750.png "snipaste_20210326_104837.png")
Repair suggestions:
app/common/service/UploadService.php
```
	private static function validate($file)
    {
        $v = new Validate();
        $v->rule([
            'file|图片大小' =>'fileSize:102400',
            'file|后缀'=>'fileExt:jpg,png,gif'
         ]);
        return $v->failException(true)->check($file);
    }
```

lunar landing/Pear Admin Think

内容风险标识