Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.