Log1 CMS suffers multiple security vulnerabilities including direct access to the AjaxFileManager without a session, arbitrary file renaming via ajax_save_name.php, and arbitrary file downloads.
b0d51c9c10fffb857bb52facced82186cfbf945fad03e9916fd1a71c784067a6