An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows malicious users to execute arbitrary code via uploading a crafted file.