/admin/extensions/upload.php
Root cause: the code at line 590 of this file (version 4.5.05) contains a file upload function that lacks thorough security checks, which lets attackers exploit the upload vulnerability.
https://github.com/nukeviet/nukeviet/blob/4.5.05/admin/extensions/upload.php#L590
An attacker who has an admin account can exploit this vulnerability to gain control of the system.
Create a valid zip file that contains a config.ini file in the correct format.
The uploaded webshell file must reside alongside the config.ini file and be at the top level of the zip file.
After successfully creating the zip file, proceed with uploading it to the following path: admin/index.php?language=vi&nv=extensions&op=manage
After the upload, NukeViet CMS reports that the zip file containing the webshell is valid.
After installation, the shell file is present on the server at the web root.
So, you have successfully uploaded the Fruit.php webshell to the server.
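
The archive layout described above (an executable file at the top level of the zip, next to config.ini) can be checked for before an extension package is installed. The following is an added example, not NukeViet code and not from the original write-up: a standalone pre-install audit of an extension zip. The function names, the suffix list and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: suffixes the web server may hand to the PHP interpreter.
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}

def audit_extension_zip(data: bytes) -> list[str]:
    """Return findings for an extension archive; an empty list means no finding."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
    if "config.ini" not in names:
        findings.append("missing top-level config.ini")
    for name in names:
        path = PurePosixPath(name.replace("\\", "/"))
        if path.is_absolute() or ".." in path.parts:
            findings.append(f"path escapes extraction directory: {name}")
        # Top-level script beside config.ini: the layout the write-up describes.
        elif len(path.parts) == 1 and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            findings.append(f"top-level executable file: {name}")
    return findings

def build_zip(files: dict[str, str]) -> bytes:
    """Build an in-memory zip from {name: text}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()

# Constructed samples with placeholder contents (not real extension packages).
SUSPICIOUS = build_zip({"config.ini": "placeholder\n", "Fruit.php": "placeholder\n"})
CLEAN = build_zip({"config.ini": "placeholder\n", "docs/readme.txt": "placeholder\n"})
TRAVERSAL = build_zip({"config.ini": "placeholder\n", "../outside.txt": "placeholder\n"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("clean", CLEAN),
                        ("traversal", TRAVERSAL)):
        print(label, audit_extension_zip(blob))
```

The check only inspects entry names; it does not replace validating file contents and extraction paths inside the upload handler itself.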