CVE-2019-12548
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
Date published : 2019-06-03
https://github.com/bludit/bludit/commit/d0843a4070c7d7fa596a7eb2130be15383013487