Exponent CMS 2.3.0 up to and including 2.3.9 allows remote malicious users to have unspecified impact via vectors related to "uploading files to wrong location."
exponentcms exponent cms