Extensis Portfolio v4.0 exists to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
extensis portfolio 4.0