Advisories Blog | G5 Cyber Security

e107 Avatar/Photograph Image File Upload

Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to compromise a vulnerable system. An error exists in the handling of file uploads for avatar and photograph images. This can be exploited to upload and execute arbitrary PHP code via a specially crafted image file with a “.php.filetypesphp” extension. Successful exploitation requires that “Public Uploads” is disabled (the default) while uploads of avatar or photograph images for users are enabled, and that the server has a certain configuration (e.g. an Apache server with the “mod_mime” module installed).

e107 version 0.7.19 is affected.
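Why the trailing “.filetypesphp” segment matters on a mod_mime server, as an added example (not code from Secunia or e107): a simplified model of mod_mime's multiple-extension resolution, next to an upload-name check that rejects such names. The AddType/AddHandler tables and all function names are constructed assumptions.

```python
# Added example: simplified model of Apache mod_mime multi-extension handling.
# The mapping tables are constructed sample configuration, not taken from e107.

# Constructed stand-ins for AddType / AddHandler directives.
ADD_TYPE = {"php": "application/x-httpd-php", "jpg": "image/jpeg",
            "png": "image/png", "gif": "image/gif"}
ADD_HANDLER = {}  # some servers map "php" here instead of in AddType

PHP_MARKERS = {"application/x-httpd-php"}


def resolve(filename, add_type=ADD_TYPE, add_handler=ADD_HANDLER):
    """Return (content_type, handler) roughly as mod_mime would pick them.

    Every dot-separated segment after the first counts as an extension.
    Unknown extensions are ignored; for each kind of metadata the
    rightmost known extension wins. Matching is case-insensitive.
    """
    ctype = handler = None
    for ext in filename.lower().split(".")[1:]:
        ctype = add_type.get(ext, ctype)
        handler = add_handler.get(ext, handler)
    return ctype, handler


def served_as_php(filename, **cfg):
    """True if the modelled server would pass the file to the PHP engine."""
    ctype, handler = resolve(filename, **cfg)
    return ctype in PHP_MARKERS or handler in PHP_MARKERS


def safe_upload_name(filename, allowed=("jpg", "jpeg", "png", "gif")):
    """Hardened check: exactly one extension, and it is on the allow-list."""
    parts = filename.lower().split(".")
    return len(parts) == 2 and parts[0] != "" and parts[1] in allowed


def audit(filenames, **cfg):
    """List names from an upload directory that would be run as PHP."""
    return [name for name in filenames if served_as_php(name, **cfg)]
```

Storing uploads under a server-generated name with a single allow-listed extension, in a directory where script handlers are disabled, removes the dependence on how the web server interprets extra extensions.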

 

You can download this advisory from the following link: https://packetstormsecurity.com/files/download/88666/secunia-e107apifu.txt

Source: https://packetstormsecurity.com/files/88666/e107-Avatar-Photograph-Image-File-Upload.html
