image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/22325http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txthttp://marc.info/?l=bugtraq&m=112715150320677&w=2http://secunia.com/advisories/16873/
