An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.
https://github.com/DedeBIZ/DedeV6/
https://co-a1natas.feishu.cn/docx/Zsd9dnGUvoBW6tx0G5fcVx6vnBb