e107 versions 0.7.8 and below suffer from an arbitrary file upload vulnerability where it lacks validation of a files contents when uploaded, allowing for php code to be uploaded as an image, etc.
aa50d2197930982bc4bc6a785f17fb6c9451ead90d85aa3a6e6c19c2d2944af6