CVE-2019-16790
In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.
Date published : 2019-12-30
https://github.com/prasathmani/tinyfilemanager/security/advisories/GHSA-w72h-v37j-rrwr
https://github.com/prasathmani/tinyfilemanager/commit/9a499734c5084e3c2eb505f100d50baac1793bd8