The vulnerability enables a malicious minimal-privileged PAM user to access information about other PAM users and their group memberships.
The manipulation in the argument purchase brings about cross site scripting. https://mediajx.com/story19525055/smm-vs-mgus-can-be-fun-for-anyone