CVE-2019-8908
CVE-2019-8908 affects WTCMS 1.0. An arbitrary PHP code execution is possible by visiting Settings → Mailbox configuration → Registration email template and uploading an image file, demonstrated with a .php filename and the Content-Type: image/gif header. The issue is triggered through the image u...