magento/community-edition is vulnerable to arbitrary code execution. The vulnerability exists as an admin with import feature privileges can make modifications to a configuration file that allows unauthorized removal of file upload restrictions, causing arbitrary code execution.