The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an Core Impact agent, creates a php file to execute the agent and then makes a request to the file. The result is an Core Impact agent running on the webserver.
CVE Link
Exploit Platform
Product Name