Share
## https://sploitus.com/exploit?id=71B99703-6877-503C-8DBC-5F3AA867D2FD
# ๐Ÿšจ Unauthenticated Remote Code Execution (RCE) via File Upload

## ๐Ÿ“Œ Overview
- **Project:** QloApps
- **Repository:** https://github.com/Qloapps/QloApps
- **Affected Version(s):** 

### 2. Review a hotel and upload our engineered image+php web shell. 



### 3. Triggering Remote Code Execution
we can find our uploaded web shell at https://target.com/modules/qlohotelreview/views/img/review//1.php