R0Both

**Name of the Vulnerable Software and Affected Versions** BEESCMS version 4.0 **Description** The issue allows attackers to execute arbitrary code via a crafted image file. This is achieved through an arbitrary file upload vulnerability in the `/admin/upload.php` component. **Recommendations** For BEESCMS version 4.0, consider disabling the `/admin/upload.php` component until a patch is available to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to this component to minimize the risk of arbitrary code execution.