Risky path: /admin/upload
Risky function: me.teacms.controller.common.UploadImgController#upload

Because there is no security check on the file suffix, users can upload any file, and can even upload it to other working directories,
for example by uploading "test.jsp", or "../../../../test.jsp" to traverse directories.
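
The two missing checks described above (suffix allowlist and containment in the upload directory), as an added example that is not teacms code. The class name `SafeUploadPath`, the `resolve` helper, the allowlist contents and the `uploads` directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

public class SafeUploadPath {
    // Assumed allowlist for an image upload endpoint.
    private static final Set<String> ALLOWED = Set.of("jpg", "jpeg", "png", "gif");

    /** Returns a server-chosen path inside uploadDir, or throws if the client name is unacceptable. */
    static Path resolve(Path uploadDir, String clientName) throws IOException {
        if (clientName == null || clientName.indexOf('\0') >= 0) {
            throw new IOException("invalid file name");
        }
        // Drop any directory part the client sent, for both separator styles.
        int sep = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String base = clientName.substring(sep + 1);
        int dot = base.lastIndexOf('.');
        String ext = dot < 0 ? "" : base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) {
            throw new IOException("extension not allowed: '" + ext + "'");
        }
        // Store under a generated name so no client-controlled text reaches the file system.
        Path root = uploadDir.toAbsolutePath().normalize();
        Path target = root.resolve(UUID.randomUUID() + "." + ext).normalize();
        // Defence in depth: the final path must still be inside the upload directory.
        if (!target.startsWith(root)) {
            throw new IOException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("uploads"); // constructed sample directory
        // Constructed sample names, including the two from the report.
        String[] samples = {"photo.PNG", "test.jsp", "../../../../test.jsp", "..\\..\\a.png", "noext"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolve(dir, s));
            } catch (IOException e) {
                System.out.println(s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The suffix check only constrains the stored name; the upload directory should also be served without script execution, and the content type verified separately.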