A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell.
