A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt