HorizontCMS is an open source, responsive content management system (CMS) built on Laravel 6, VueJs 2.6 and Bootstrap 3.4. HorizontCMS 1.0.0-beta is vulnerable to unrestricted file uploads. An attacker can exploit this vulnerability to upload PHP code via zip file and execute PHP files via HTTP GET request /themes/<php_file_name>.