A vulnerability exists in the TinyMCE editor, included in the tiny browser plugin, which allows uploading files without authentication. This can be exploited to upload files with multiple extensions and execute arbitrary PHP code.
CVE Link
Exploit Type - Old
Exploits/Remote
Product Name