[原文]The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
GNUBoard contains a flaw that may allow a malicious user to upload arbitrary files. The issue is triggered when a filename is submitted to gbupdate.php with an extension with capital letters. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
Upgrade to version 3.40 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.