In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.