source: https://www.securityfocus.com/bid/6644/info
A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system.
Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system.
Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.
http://www.example.org/room/save_item.php?name=[NAME]&ref=test&photo=../inc/conf.php&photo_type=ttxt