[File upload vulnerability] CVE-2019-19576 is exist in the code!

[seongil-wi]

Hi,

Our research team in KAIST WSP Lab found a known file upload vulnerability in quickapps
Please inspect this spot.

The following known vulnerabilities exist in this code: CVE-2019-19576
The file extension filter is a blacklist, so any time a new extension is introduced (in this case phar), or any has been missed, a PHP file can be uploaded.

Thanks!