i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.
i-librarian i-librarian 4.10