An arbitrary file upload vulnerability in UCMS v1.6 allows malicious users to execute arbitrary code via a crafted PHP file.
ucms project ucms 1.6