Flatpress v1.2.1 exists to contain a remote code execution (RCE) vulnerability in the Upload File function.
flatpress flatpress 1.2.1