bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.
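
One way an image-upload handler can refuse the upload described above, shown as an added example that is not bloofoxCMS code or its vendor's fix. The function name `store_image_upload()`, the `$mediaDir` parameter and the MIME allowlist are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened handler for an image-upload form; not bloofoxCMS code.
// Assumed names: store_image_upload(), $mediaDir, ALLOWED_IMAGE_TYPES.

const ALLOWED_IMAGE_TYPES = [   // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_image_upload(array $file, string $mediaDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // $file['type'] is the client's Content-Type header (for example
    // application/octet-stream) and $file['name'] is the client's filename.
    // Neither is trusted: the type is sniffed from the file's bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED_IMAGE_TYPES[$mime])
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }

    // Server-generated name and extension: a client-chosen ".php" name
    // (or one containing "../") never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];

    // Resolve the media directory once and write only directly beneath it.
    $base = realpath($mediaDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('media directory missing');
    }
    $dest = $base . DIRECTORY_SEPARATOR . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0644);   // stored as data, never with execute bits
    return $name;
}
```

Content sniffing alone does not stop a valid image that also carries script text, so the web server should additionally be configured not to hand anything under the media directory to the PHP interpreter.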