Halo CMS v1.5.3 exists to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
halo halo 1.5.3