CVE-2008-3117
Unrestricted file upload in update_profile.php on PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file disguised as image content types (image/gif, image/jpeg, or image/pjpeg) and then accessing it via a direct request to the file under pi...