A quick POC for CVE-2018-9209 arbitrary file upload vulnerability in Dead Link -> https://github.com/FineUploader/php-traditional-server.

https://docs.fineuploader.com/quickstart/03-setting_up_server.html

For testing purpose (will create an Apache/PHP docker container with vuln versions of the plugin):
./docker/install.sh

You can examine the docker container with:

docker run -it vuln bash