An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.

Unrestricted Upload of File with Dangerous Type in ButterCMS