SpawCMS Editor - Arbitrary File Upload

Author: j4ck
type: webapps
platform: php
port: 
date_added: 2010-01-05 
date_updated:  
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comspaw-php-2081-gpl.zip

# Author: j4ck
# j4ck from elitehackers.pl [j4ck.root@gmail.com]

#######

just go to directory

http:/server/[path]/spaw/demo.php
then use image Upload, select all filetypes, and
You can upload your evil PHP code, for example phpshell.

Shell will be uploaded to selected directory.