The exploit of this vulnerability is so fucking trivial it defies belief. It's not a bug, it is an undocumented feature of the system.