CVE-2014-2223
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.
Date published : 2014-09-11
http://www.exploit-db.com/exploits/34447
http://packetstormsecurity.com/files/128029/Plogger-Authenticated-Arbitrary-File-Upload.html