arbitrary file rewrite and read in Hongcms V4.0.0

[0FuzzingQ]

there is an arbitrary file read and rewrite in the backend of this cms via the link: /hcms/admin/index.php/language/ajax when post params : filename=..%2f..%2ftest.php&action=savelang&filecontent=%3C%3Fphp%0D%0A%0D%0Aecho+phpinfo()%3B%0D%0A%3F%3E

in the latest V4.0.0 edtion, the cms try to use ajax to escape attacker to do same dangerous action like change file name etc but it can also be catched by proxy

it will write your payload into any file which is writeable we create new file test.php to check this vuln:

we can access to it via link as http://domain/your file name