# Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)# Date: 25-05-2023# Exploit Author: yuyudhn# Vendor Homepage: https://www.codekop.com/# Software Link: https://github.com/fauzan1892/pos-kasir-php# Version: 2.0# Tested on: Linux# CVE: CVE-2023-36348# Vulnerability description: The application does not sanitize the filenameparameter when sending data to /fungsi/edit/edit.php?gambar=user. Anattacker can exploit this issue by uploading a PHP file and