LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.Referenceshttp://jvn.jp/en/jp/JVN86680970/995636/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2015-000106http://jvn.jp/en/jp/JVN86680970/index.html
