# MCMS 5.2.4 Arbitrary File Upload

Mingfei MCms is a complete open source content management system.MCms 5.2.4 version /file/upload.do has arbitrary file upload vulnerabilities. Attackers can upload malicious Trojan horses to control server permissions.

FOFA **query rule**: [body="ms/1.0.0/ms.js" || body="铭飞MCMS"](https://fofa.so/result?qbase64=Ym9keT0ibXMvMS4wLjAvbXMuanMiIHx8IGJvZHk9IumTremjnk1DTVMi)

# Demo

![MCMS_5_2_4_Arbitrary_File_Upload](MCMS_5_2_4_Arbitrary_File_Upload.gif)