An issue in Mblog Blog system v.3.5.0 allows an malicious user to execute arbitrary code via a crafted file to the theme management feature.