CVE-2008-5677
CVE-2008-5677 describes an unrestricted file upload in Kwalbum versions up to 2.0.4 (and earlier) when PICS_PATH is located in the web root. Remote authenticated users with upload capability can execute arbitrary code by uploading a file with an executable extension and accessing it via a direct ...