AyaCMS is an extremely simple and free open source PHP website builder. v3.1.2 of AyaCMS contains a security vulnerability that originates from an arbitrary file upload vulnerability found via the component /admin/fst_upload.inc.php. An attacker could use this vulnerability to execute arbitrary code via specially crafted PHP files.