Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.Referenceshttps://www.exploit-db.com/exploits/5523https://exchange.xforce.ibmcloud.com/vulnerabilities/42105http://www.securityfocus.com/bid/28991
