Galmeta Post CMS versions 0.2 and below suffer from arbitrary file upload and remote code execution vulnerabilities.