An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows malicious users to execute arbitrary code via uploading a crafted PDF file.
technocking r-pan-scaffolding