appadmincontrollersysUploads.php in lemocms 1.8.x allows users to upload files to upload executable files.
