CVE-2020-25406

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.