source: https://www.securityfocus.com/bid/58431/info

KindEditor is prone to multiple remote file-upload vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

KindEditor 4.1.5 is vulnerable; other versions may also be affected.

"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

# KindEditor (ASP,ASP.NET,JSP,PHP) _JSON Uploader :
--------------------------------------------------
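
The advisory text above attributes the flaw to insufficient sanitization of uploaded input. The check below is an added example, not taken from the advisory or from KindEditor's code; it is written in Python as a language-neutral sketch of what an upload handler on any of the listed back ends has to enforce. The allowlist, the function names and the sample inputs used with it are assumptions made for illustration.

```python
import secrets

# Assumed allowlist for an image-only upload endpoint:
# extension -> magic-byte prefixes the content must start with.
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def safe_upload_name(client_name: str, content: bytes) -> str:
    """Validate an upload and return a server-generated storage name."""
    # Discard any client-supplied directory part (both separator styles).
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Reject control bytes and characters that some servers or file systems
    # treat specially when they later resolve the stored name.
    if any(ord(c) < 0x20 or c in ";:" for c in base):
        raise UploadRejected("illegal character in file name")
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    # Allowlist, never denylist: a trailing dot or space, a missing extension
    # or an unknown extension all fail this test.
    if not dot or not stem or ext not in ALLOWED:
        raise UploadRejected("extension not on allowlist")
    if "." in stem:
        raise UploadRejected("more than one extension")
    if not content.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # The client's name never reaches the disk. A magic-byte match does not
    # prove the file is harmless, so the storage directory must also have
    # script execution disabled (deployment assumption).
    return f"{secrets.token_hex(16)}.{ext}"


def is_acceptable(client_name: str, content: bytes) -> bool:
    """Boolean wrapper around safe_upload_name for callers and tests."""
    try:
        safe_upload_name(client_name, content)
        return True
    except UploadRejected:
        return False
```
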