CVE-2018-20526

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
Source: NIST