admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
https://www.exploit-db.com/exploits/48219
https://antoniocannito.it/phpkb1#authenticated-remote-code-execution-cve-2020-10389