Joomla BreezingForms component version 1.8.x suffers from a remote file upload vulnerability. The vendor has contacted Packet Storm and has noted that the default installation does not allow for execution of files with a php extension. Further, the issue related to upload was addressed by Crosstec in February of 2016.
63717bcc7aa8aa7398593c0c628ebdcd52dc185b96e37f9597bc76663e440157