An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows malicious users to execute arbitrary code via uploading a crafted file.