Amaze File Manager prior to 3.5.1 allows malicious users to obtain root privileges via shell metacharacters in a symbolic link.
amaze file manager project amaze file manager