It has been discovered that the extension "Frontend User Upload" (feupload) is susceptible to Arbitrary Code Execution

More... (http://www.typo3.org/news/article/arbitrary-code-execution-in-extension-frontend-user-upload-feupload/)