An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.
https://github.com/erupts/erupt
https://gist.github.com/Cafe-Tea/b72d442be434e1dafe7810c938892b06