Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE.
PHPKit contains a flaw that may allow a remote attacker to upload and/or execute arbitrary files. The issue is triggered when the 'images.php' script is used by an authenticated user. It is possible that the flaw may allow a remote attacker to upload and/or execute arbitrary PHP code resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.