Graffiti CMS version 1.x suffers from an arbitrary file upload vulnerability.
6b4900b34f604e733aaea8d21807fccbb643ab1a2bbb8ad7615e3c5c321d6a11
Graffiti CMS includes a file manager component that allows
unauthenticated users to upload files (including asp.net pages which
allow code execution). All versions are affected by this
vulnerability.
To exploit this issue, it only suffices to access to the following URL.
http://DOMAIN_TLD/GRAFFITI_CMS_INSTALL_DIR/__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html?connector=../../connectors/aspx/connector.aspx