In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.