Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.

Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public.