[原文]index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.
Eduha Meeting File contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered when the user uploads a file, the script does not correctly restrict the extension of files that can be uploaded. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.
Upgrade to latest version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.