hackerone | dawgyg | H1:301406
Dec 30, 2017 - 4:55 p.m.

Ubiquiti Inc.: Unrestricted File System Access via Twig Template Injection on dev-ucrm-billing-demo.ubnt.com

2017-12-30 16:55:12
dawgyg
hackerone.com

EPSS: 0.0004 (Low), percentile 12.6%

The researcher found a local file inclusion vulnerability that could be exploited through the Twig templates available on the system. The vulnerability could only affect dev-ucrm-billing-demo.ubnt.com, and its impact is limited by the restricted environment (Docker), which does not allow any sensitive information to leak.

This vulnerability has no impact on regular installations of UCRM and poses no threat to them, because the attacker needs admin credentials and the environment is isolated by a Docker container.
