onefilecms.php in OneFileCMS through 2012-04-14 might allow malicious users to execute arbitrary PHP code via a .php filename on the Upload screen.
onefilecms onefilecms