Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows malicious users to Remote Code Execution.
backdropcms backdrop cms 1.22.0