This post was the result of a code-review made to the Joomla Content Editor plugin. It was possible to bypass the file upload validation in order to submit a webshell.