Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.
https://www.exploit-db.com/exploits/4390
https://exchange.xforce.ibmcloud.com/vulnerabilities/36539
http://www.securityfocus.com/bid/25621