The CCTM (Custom Content Type Manager) plugin can be used by an administrator to achieve arbitrary PHP remote code execution.
blog.nettitude.com/uk/custom-content-type-manager-remote-code-execution