CVE-2004-1448

Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code.