The host is installed with PHP and is prone to security bypass vulnerability. A flaw in present in SAPI_POST_HANDLER_FUNC() in rfc1867.c, which fails to filter user-supplied file path names when filling the $_FILES[] array. Successful exploitation could allow remote attackers to submit a specially crafted multipart/form-data form to cause the target server to overwrite an arbitrary file in the root directory of the server with the privileges of the web service.