An arbitrary file upload vulnerability in October CMS v3.4.4 allows malicious users to execute arbitrary code via a crafted file.
octobercms october 3.4.4