FastAdmin (versions prior to latest security patches).
: The attacker uploads 53849.rar via the plugin installation interface. 53849.rar
: FastAdmin's backend extracts the archive into the /addons/ directory. FastAdmin (versions prior to latest security patches)