An arbitrary file upload vulnerability in the component ajaxlink.php of lylmespage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.