comment_delete_cgi.php in Simple PHP Blog allows remote malicious users to delete arbitrary files via the comment parameter.
alexander palmo simple php blog 0.4.0