A path traversal vulnerability in Mautic 7's campaign import feature allows authenticated users with campaign import privileges to write arbitrary PHP files to sensitive system directories. The flaw occurs during ZIP file extraction when validation logic fails to prevent file paths from escaping intended temporary directories. Attackers can exploit this to overwrite critical configuration or cache components, leading to Remote Code Execution under web server context. This requires authentication and specific campaign import permissions but results in full RCE capability.