Tiny File Manager < 2.4.7 - Authenticated Path Traversal and Remote Code Execution via File Upload
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.