An attacker can upload malicious executable files on the system by simply renaming .exe file to .jpeg and the kunena forum allows it to upload even if the mime type check is active and the .exe extension is added to not allowed list.
It should do proper checks on Content type as well. This is a high risk vulnerability!
I'm using Kunena version 5.0.14 and we cannot give it to client till it is fixed. Please help me to put this code manually. Images are attached below.