An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows malicious users to execute arbitrary code via a crafted PHP file.
tpcms project tpcms 3.2