betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.
https://exchange.xforce.ibmcloud.com/vulnerabilities/19781
http://secunia.com/advisories/14668