: Versions 6.0.0 to 6.5.0 allow attackers to upload malicious .php files through the survey functionality.