Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action.
https://www.exploit-db.com/exploits/4341
https://exchange.xforce.ibmcloud.com/vulnerabilities/36357
http://www.securityfocus.com/bid/25491