Tutorials contains a flaw that allows a remote attacker to upload and execute arbitrary files. The issue is due to a flaw in the PHP embedded uploader routine which does not check the MIME type for file uploads. An attacker may be able to upload an arbitrary file of any type (not just image) and then request it to be executed via a standard HTTP request.
Upgrade to version 2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.