CVE-2007-6479
In Dokeos 1.8.4, the component My productions (main/auth/profile.php) has an unrestricted file upload flaw. Remote authenticated users can upload and execute arbitrary PHP files by using a filename with a double extension, accessible under main/upload/users/ .