An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows malicious users to execute arbitrary code.
mingsoft mcms 5.2.4