Kentico CMS prior to 11.0.45 allows unrestricted upload of a file with a dangerous type.
kentico kentico cms