Public CVE-2020-24297 disclosure

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.