Quick CMS 6.7 Shell Upload

`# Title : Authenticated Shell Upload  
# Product : Quick CMS  
# Vendor : https://opensolution.org/  
# Affected Version : 6.7  
# Researcher : Eagle Eye  
# Tested on : Window & Linux  
# Date : 11/06/2024  
# Report : Already contact the vendor but no response  
# Affected path : admin.php , core/common-admin.php, database/config.php  
# Affected function : saveVariables()  
# Description : Unfiltered parameter that post into admin.php?p=settings override any  
$config key value cause to file upload allowed extension overriding  
lead to shell upload.  
# Step to reproduce  
- login at admin.php  
- click setting on right above  
- click save and intercept the request  
- on body parameter, add &allowed_not_image_extensions=php and proceed  
- click Pages and New page from top navbar  
- On the panel, choose Add files  
- And you can upload malicious script with extension php - You may find on path eg: http://website.com/files/shell.php  
`