S-CMS v5.0 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.
s-cms s-cms 5.0