Yes, the usual “if I shoot myself in the foot I’ll break my toes” bugs.
As usuals on this bug
It’s possible > for an authenticated user > to achieve code execution.
So we always start from the fact that first of all the user must be authenticated…
But if he is already authenticated who cares, what does he do, does he damage himself???
If a hacker has to authenticate himself first, and he succeeds, by which point he’s already in full control, what’s the matter with exploiting the vulnerability?