An arbitrary file upload vulnerability exists in MCMS 5.2.7, allowing an malicious user to execute arbitrary code through a crafted ZIP file.
mingsoft mcms 5.2.7