I have to agree that there shouldn't be an inconsistency between what you can achieve through a write() and a create(). I think this qualifies as a "security vulnerability".
I have to agree that there shouldn't be an inconsistency between what you can achieve through a write() and a create().
I think this qualifies as a "security vulnerability".