kiwitcms is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate files uploaded, allowing an attacker to bypass the file upload restrictions by uploading a malicious *.exe
file or embedded JavaScript file, tricking people into clicking on these files, executing malicious code on a another machine, or trying XSS attacks.