The "Import File Converter" can be abused by an admin to map the server directories and files, because the "File location" field doesn't sanitize the user input and allows access to root directories and files.
1- Go to http://localhost/ee/admin.php?/cp/utilities/import_converter
2- Set the "File location" to
///etc/, notice that the error "You must have at least 3 fields: username, screen_name, and email address", proving that the file exists.
3- Try with
///strukt/, notice the different error message, now it says "The path you submitted is not valid.", meaning the directory doesn't exist.
3- Now try with
///etc/passwd, the first error message shows up.
4- Finally, try with
///etc/strukt, the second message appears.