An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows malicious users to execute arbitrary code via uploading a crafted file.