Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.
https://exchange.xforce.ibmcloud.com/vulnerabilities/39740
http://www.securityfocus.com/bid/27285
http://www.securityfocus.com/archive/1/486335/100/0/threaded