ProfileCMS version 1.0 suffers from a remote shell upload vulnerability.
c296f1459616acc9f2cf7271d8b4871aa941fd5223357aa0c0128269884d2c64
ProfileCMS v1.0 Shell Upload Exploit
Demo : http://slrate.com/
You can direct upload PHP shell instead of image while creating profile at this script, For example http://slrate.com/profiles here you can direct upload shell instead of images.
Dorks :
"Total Generators & Widgets"
"Powered By ProfileCMS v1.0"