TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.