CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS has a file upload vulnerability in version v1.2.4, which stems from the productβs /core/MY_Security.php component that does not validate uploaded files. An attacker can upload arbitrary files through this vulnerability.