CVE-2009-1314 (web_file_explorer)

body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1314