The Wedding Management System version 1.0 is vulnerable to arbitrary file uploads due to a lack of validation of uploaded files in the Upload Photos module. The vulnerability can be exploited by attackers to execute arbitrary code via specially crafted PHP files.