UCMS 1.4.7 allows remote malicious users to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
ucms project ucms 1.4.7