CSZ CMS 1.2.1 Arbitrary File Upload

`i>>?===========================================================================================  
# Exploit Title: CSZ CMS 1.2.1 - Arbitrary File Upload  
# Dork: N/A  
# Date: 15-03-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://www.cszcms.com/  
# Software Link: https://sourceforge.net/projects/cszcms/  
# Version: 1.2.1  
# Category: Webapps  
# Tested on: Wamp64, Windows  
# CVE: N/A  
# Software Description: CSZ CMS is an open source web application that  
allows to manage all content  
and settings on the websites. CSZ CMS was built on the basis of  
Codeigniter and design  
the structure of Bootstrap, this should make your website fully  
responsive with ease.  
===========================================================================================  
# POC - File Upload  
# Step by Step  
# 1-) Login with admin username and password  
# 2-) Click on the content menu then go to the file upload tab.  
https://i.hizliresim.com/y6WqaM.png  
# 3-) Open your php script file and add it to the top of the page (GIF89a;).  
https://i.hizliresim.com/V9ODWq.png  
# 4-) Change the file extension to .php.gif  
https://i.hizliresim.com/0RXzoD.png  
# 5-) Run the burp suite program. and do your proxy settings.  
# 6-) Click the Add Files button to select your file.  
https://i.hizliresim.com/RrAD5G.png  
# 7-) Press the upload button. and delete the .gif part from the file  
extension in the burp suite.  
# 8-) You may receive an error message. no problem. the file will be  
installed on the server.  
# 9-) You can see the name and path of the file in URL_Path: at the  
bottom of the screen.  
https://i.hizliresim.com/ADVzpX.png  
===========================================================================================  
`