## https://sploitus.com/exploit?id=71B99703-6877-503C-8DBC-5F3AA867D2FD
# ๐จ Unauthenticated Remote Code Execution (RCE) via File Upload
## ๐ Overview
- **Project:** QloApps
- **Repository:** https://github.com/Qloapps/QloApps
- **Affected Version(s):**
### 2. Review a hotel and upload our engineered image+php web shell.
### 3. Triggering Remote Code Execution
we can find our uploaded web shell at https://target.com/modules/qlohotelreview/views/img/review//1.php