Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the βManage Settingsβ functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.