[原文]gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Greymatter contains a flaw that may allow a malicious user to upload files to arbitrary locations on the filesystem with the same privileges as the server process. It is possible that the flaw may allow arbitrary code execution when a script file is placed within or below the web server root directory, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.