https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b reports:
An Authenticated NoSQL Injection vulnerability found in
UniFi Network Application could allow a malicious actor with
authenticated access to the network to escalate
privileges.
A malicious actor with access to the network could
exploit a Path Traversal vulnerability found in the UniFi
Network Application to access files on the underlying system
that could be manipulated to access an underlying
account.