An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.Referenceshttps://github.com/keheying/onekeyadmin/issues/1
