admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
https://www.exploit-db.com/exploits/48221
https://antoniocannito.it/phpkb1#remote-code-execution-cve-2020-10386