The researcher found a Local File inclusion vulnerability, this could be exploited by using Twig templates available on the system. This vulnerability only have the potential to affect dev-ucrm-billing-demo.ubnt.com
, although is limited by the restricted environment (docker) with donβt allow any sensitive information leak.
This vulnerability donβt have any impact and donβt offer any threat for regular installations of UCRM, because the attacker need admin credentials, also the environment is isolated by a docker container.