The vulnerability allows attackers to access files, execute code, and obtain passwords. The exploit takes advantage of an unauthenticated mass-assignment vulnerability and AS2 header parsing.