Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.
https://packetstormsecurity.com/files/author/15149
http://seclists.org/fulldisclosure/2020/Sep/41
http://packetstormsecurity.com/files/159260/Seat-Reservation-System-1.0-Shell-Upload.html