Path Traversal Leading to RCE, Directory Creation, and CSV File Leakage
The latest version of the software has a path traversal vulnerability in the user upload feature, leading to arbitrary file upload (potential RCE), arbitrary directory creation, and CSV file content leakage. The issue has not yet been patched.
Available publicly on Jun 24 2024
Threat Overview
The vulnerability arises from unsanitized input handling in multiple parts of the application. Specifically, the user upload feature allows for arbitrary file uploads due to improper sanitization of the user_name parameter. This can lead to remote code execution (RCE) if an attacker uploads a malicious file to a sensitive directory. Additionally, the application allows for arbitrary directory creation and file content leakage by manipulating user inputs, which can expose sensitive data and compromise the system's integrity.
Attack Scenario
An attacker creates a user with a name that includes an absolute path, such as '/etc/cron.d', and uploads a file containing a cron job configuration. This file is then executed by the system, leading to remote code execution. Alternatively, the attacker can manipulate user inputs to create arbitrary directories or read the first column of CSV files, exposing sensitive information.
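The root cause described above is the classic `os.path.join` pitfall: when a user-controlled segment such as `user_name` is an absolute path, the upload base directory is silently discarded. The following is an added illustration (not code from the affected software; the upload root `/var/app/uploads` and the function names are assumptions) showing the vulnerable pattern next to a hardened resolver that rejects absolute paths and traversal and verifies containment.

```python
import os
from pathlib import Path

# Assumed upload base directory; the advisory does not name the real one.
UPLOAD_ROOT = Path("/var/app/uploads")


def naive_upload_dir(user_name: str) -> str:
    """Vulnerable pattern: os.path.join drops every earlier component when
    a later one is absolute, so user_name='/etc/cron.d' yields '/etc/cron.d'."""
    return os.path.join(str(UPLOAD_ROOT), user_name)


def safe_upload_dir(user_name: str, root: Path = UPLOAD_ROOT) -> Path:
    """Hardened version: a user name must be a single path segment, and the
    resolved target must still sit underneath the upload root."""
    if not user_name or user_name != user_name.strip():
        raise ValueError("empty or whitespace-padded user name")
    # Reject separators and NUL outright; that also rejects absolute paths.
    if any(ch in user_name for ch in ("/", "\\", "\0")):
        raise ValueError("path separators are not allowed in a user name")
    if user_name in (".", ".."):
        raise ValueError("dot segments are not allowed")
    root_resolved = root.resolve()
    candidate = (root / user_name).resolve()
    # Defence in depth: even after the checks above, confirm containment
    # (catches symlink tricks if the root itself is ever tampered with).
    if candidate != root_resolved and root_resolved not in candidate.parents:
        raise ValueError("resolved path escapes the upload root")
    return candidate


def is_rejected(user_name: str) -> bool:
    """Helper for tests: True if the hardened resolver refuses user_name."""
    try:
        safe_upload_dir(user_name)
    except ValueError:
        return True
    return False
```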
Who is affected
Users of the latest version of the software who utilize the user upload feature or load templates are affected. This includes administrators and regular users who may inadvertently expose sensitive data or compromise the system's security.