Seagull PHP Framework <= 0.6.4 Unrestricted File Upload Vulnerability
Seagull PHP Framework contains a flaw that allows a remote user to execute arbitrary PHP code. The vulnerability is caused due to an error in the handling of file uploads in the tinyfck/filemanager/connectors/php/connector.php script, when a file name has multiple file extensions. This can be exploited to upload malicious PHP scripts.
June 26, 2008