A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows malicious users to execute arbitrary commands.
chshcms cscms 4.1