Public CVE-2008-5965 disclosure

globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.