DjangoUEditor 1.9.143 arbitrary file upload vulnerability

Background improper handling, leading to arbitrary file upload. Local download the django version of ueditor, installed after a good visit: Open the upload, the capture of: Now we pass a py file, you can see is prohibited, as is the white list restrictions. But modify imagePathFormat the value to...