Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the “filename” and “block” parameters to view.php is not properly sanitized before being used to write to a file. This can be exploited to write arbitrary content to an arbitrary file via a specially crafted POST request and allows executing arbitrary PHP code. Successful exploitation requires authentication.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87595/secunia-pulsewriting.txt
Source: https://packetstormsecurity.com/files/87595/Pulse-CMS-Arbitrary-File-Writing.html