Path Traversal Leading to RCE, Directory Creation, and CSV File Leakage

Post by Shane1145 »

The vulnerability arises from unsanitized input handling in multiple parts of the application. Specifically, the user upload feature allows for arbitrary file uploads due to improper sanitization of the user_name parameter. This can lead to remote code execution (RCE) if an attacker uploads a malicious file to a sensitive directory. Additionally, the application allows for arbitrary directory creation and file content leakage by manipulating user inputs, which can expose sensitive data and compromise the system's integrity.

https://sightline.protectai.com/vulnera ... 422/assess
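
The class of flaw described in the post, shown from the defensive side as an added example (not code from the original post or from the affected application): a user-controlled `user_name` joined straight into an upload path, next to a version that allowlists it and verifies containment. The function names, the allowlist pattern and the `uploads` root are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: user names may be limited to a conservative allowlist.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

class UnsafePath(ValueError):
    """A user-supplied component would leave the upload root."""

def naive_upload_path(root, user_name, filename):
    # Weak pattern: request values are joined into the path unchecked.
    return os.path.normpath(os.path.join(root, user_name, filename))

def safe_upload_path(root, user_name, filename):
    # 1. Allowlist the directory component instead of stripping "../".
    if not _SAFE_NAME.fullmatch(user_name):
        raise UnsafePath(f"rejected user_name {user_name!r}")
    # 2. The file name must be a single path component.
    leaf = os.path.basename(filename.replace("\\", "/"))
    if leaf != filename or leaf in ("", ".", "..") or "\x00" in leaf:
        raise UnsafePath(f"rejected filename {filename!r}")
    # 3. Resolve symlinks, then confirm the result is still under root.
    root_real = Path(root).resolve()
    target = (root_real / user_name / leaf).resolve()
    if not target.is_relative_to(root_real):
        raise UnsafePath(f"{target} is outside {root_real}")
    return target

def is_inside(root, path):
    return Path(path).resolve().is_relative_to(Path(root).resolve())

# Constructed sample inputs (user_name, filename); not taken from the report.
SAMPLES = [("alice", "report.csv"), ("../../outside", "note.txt"),
           ("alice", "../../note.txt"), ("/abs", "a.csv")]

def demo():
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")
        os.makedirs(root)
        for user_name, filename in SAMPLES:
            naive = is_inside(root, naive_upload_path(root, user_name, filename))
            try:
                safe_upload_path(root, user_name, filename)
                verdict = "accepted"
            except UnsafePath:
                verdict = "rejected"
            results.append((user_name, filename, naive, verdict))
    return results
```

`demo()` returns, for each sample, whether the naive join stays inside the upload root and whether the hardened function accepts it; only the first sample passes both.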