upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.Referenceshttp://www.iwantacve.cn/index.php/archives/65/
