An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.