fineuploader/php-traditional-server is vulnerable to arbitrary file upload attacks. The vulnerability exists through endpoint.php
where the endpoint does not check if the user is authenticated, or if the file type is valid, allowing arbitrary file uploads.