There is an upload vulnerability that can create a file via /admin/?/plugin/file_manager/save. For more detail, see: https://github.com/philippe/FrogCMS/issues/13


When I checked this function, I found that at line 176, if the filename does not exist, we can still upload a new file with new content through the save() function, and at line 189 the file is created directly.


Then I tried to upload a new filename and new content in this request:


And the code is running.

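One way a save handler can refuse the behaviour reported above, shown as an added example that is not FrogCMS code: it only overwrites files that already exist inside the file-manager root and carry an allowlisted extension. The function name `safe_save`, the extension allowlist and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not FrogCMS code. safe_save() and EDITABLE_EXTENSIONS are hypothetical.
const EDITABLE_EXTENSIONS = ['css', 'txt'];

function safe_save(string $baseDir, string $relPath, string $content): bool
{
    $root = realpath($baseDir);
    if ($root === false || strpos($relPath, "\0") !== false) {
        return false;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // realpath() returns false for a path that does not exist, so save can
    // never create a new file; it also resolves "../" and symlinks.
    $target = realpath($root . $relPath);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // The resolved path must still be inside the file-manager root.
    if (strncmp($target, $root, strlen($root)) !== 0) {
        return false;
    }
    // Only extensions the web server does not execute may be edited.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    if (!in_array($ext, EDITABLE_EXTENSIONS, true)) {
        return false;
    }
    return file_put_contents($target, $content, LOCK_EX) !== false;
}

// Constructed demo data in a throwaway directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'style.css', 'body{}');

$cases = [
    'style.css',   // existing file, allowlisted extension
    'new.php',     // file does not exist yet
    '../out.css',  // path leaving the root
];
foreach ($cases as $name) {
    printf("%-12s %s\n", $name, safe_save($dir, $name, 'placeholder') ? 'saved' : 'refused');
}

unlink($dir . DIRECTORY_SEPARATOR . 'style.css');
rmdir($dir);
```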