update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive.Referenceshttps://github.com/hyyyp/HYBBS2/issues/33
