imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
