PHPFusion Arbitrary File Upload Vulnerability

PHPFusion, a lightweight open source content management system, is vulnerable to arbitrary file uploads in PHPFusion version 9.03.110. The vulnerability stems from the fact that the File Manager feature in the administration panel does not filter PHP extensions. An attacker could exploit this vulnerability to upload malicious files and execute code on the server.