A remote authenticated attacker could send a specially-crafted URL request using the tools arguments to specify a malicious file from the local system, which could allow the attacker to read and write files on the system. In order to exploit this vulnerability to execute arbitrary code using a local file, the attacker would first be required to upload a malicious file or inject arbitrary commands into an existing file. Discord-Recon could allow a remote attacker to include arbitrary files.
Gain Unauthorized Access
Upgrade to the latest version of Discord-Recon (0.0.3 or later), available from the discord-recon GIT Repository.