This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetCharts Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Developer tools. An attacker can use the projectContents.jsp page to rename an arbitrary file, allowing for an uploaded file to be executed. This allows an attacker to execute arbitrary code as SYSTEM.