Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.Referenceshttps://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39http://issues.umbraco.org/issue/U4-5901
