
Potential Remote Code Execution via Twig SSTI

Moderate
angrybrad published GHSA-crcq-738g-pqvc Aug 25, 2025

Package

composer craftcms/cms (Composer)

Affected versions

>= 4.0.0-RC1, <= 4.16.5
>= 5.0.0-RC1, <= 5.8.6

Patched versions

4.16.6
5.8.7

Description

Note that exploitation requires administrator access to the Craft control panel and requires allowAdminChanges to be enabled, which is against our recommendation for any non-dev environment.

https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production
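As an added illustration of the recommendation above (this is example configuration, not code from Craft CMS or from this advisory), the following config/general.php shows the weak setting beside the hardened one. It assumes the standard Craft multi-environment config array keyed by the CRAFT_ENVIRONMENT variable, and that the development environment is named "dev"; both names are assumptions for the example.

```php
<?php
// config/general.php -- added example, not part of the Craft CMS project.
//
// Weak: allowAdminChanges enabled everywhere. With this setting any user who
// holds admin access to the control panel can change project config
// (templates, settings, plugins) in production, which is the precondition
// this advisory relies on.
//
//   return [
//       '*' => [
//           'allowAdminChanges' => true,
//       ],
//   ];
//
// Hardened: deny admin changes by default ('*' applies to every environment)
// and re-enable them only for the development environment. The environment
// name "dev" and the use of CRAFT_ENVIRONMENT to select it are assumptions
// of this example; adjust them to match your deployment.

return [
    // Settings applied to all environments.
    '*' => [
        'allowAdminChanges' => false,
        'devMode' => false,
    ],

    // Overrides applied only when CRAFT_ENVIRONMENT=dev.
    'dev' => [
        'allowAdminChanges' => true,
        'devMode' => true,
    ],
];
```

With allowAdminChanges set to false, the control panel refuses project-config changes in that environment, so the precondition named in the description does not hold in production even for an administrator; applying the patched release (4.16.6 or 5.8.7) is still required to remove the underlying issue.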

Note: This is a follow-up to GHSA-f3cw-hg6r-chfv

Users should update to the patched versions (4.16.6 and 5.8.7) to mitigate the issue.

References: #17612

Severity

Moderate

CVE ID

CVE-2025-57811

Weaknesses

No CWEs

Credits