HorizontCMS-100-beta-shell-upload (CVE-2020-28693) Author: jkana The vulnerable is in Theme upload function 1Login as administrator or any users could change themes 2Create a zip file which have php shell inside For example shellzip with shellphp inside 2Access to IP/admin/theme/index For example: 1921681067:81/hcms/admin/theme/index 3Upload shel