SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.
sofawiki project sofawiki