A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10228
Reference (s):
- https://sourceforge.net/projects/vtecrm/
- https://vtenext.com/en/
- https://www.exploit-db.com/exploits/48804