#Exploit Title: Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)#Application: Ulicms#Version: 2023.1-sniffing-vicuna#Bugs: RCE#Technology: PHP#Vendor URL: https://en.ulicms.de/#Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip#Date of found: 04-05-2023#Author: Mirabbas Ağalarov#Tested on: Linux 2. Technical Details & POC========================================steps: 1. Login to account and edit profile.2.Upload new Avatar3. It is possible to include the php file with the phar extension when uploading the image. Rce