A highly critical flaw in Simple File Upload module affects Joomla! users. The vulnerability is due to improper validation uploaded files by modules/mod_simplefileuploadv1.3/helper.php script. The vulnerability can be exploited to launch arbitrary PHP code. The flaw was confirmed in version 1.3.5. Other versions can be vulnerable also.

Source: Secunia
05.01.2012