ExpressionEngine: Low privileges (auth) Remote Command Execution - PHP file upload bypass.

The ExpressionEngine software was vulnerable to a remote command execution flaw due to a bypass in the file upload extension check, which allowed a low-privileged user to execute arbitrary commands...