licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.