If you have permission to modify the configuration file, then you already got the machine. How can it be a vulnerability?