The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote malicious users to upload and possibly execute arbitrary files.
pwsphp pwsphp 1.2.2