As reported by @CptViraj here, it appears that Extension:FileImporter imports the file even when the target page is protected against creation on Commons and the importer should not be able to create it. I tested this on File:ExampleForImportProtection.jpg, imported from testwiki with my test account, and I successfully imported it, even though the target page (File:ExampleForImportProtection.jpg) was under full-protection on Commons, and my test account is not an admin there.
Steps to reproduce
- Upload a file on a Wikimedia wiki other than Commons that supports local uploads (e.g. testwiki; using Special:Upload)
- Protect the title of the said file on Commons so that it can't be created by you (or your test account, in case your main account is an admin)
- Export the said file from the local wiki to Commons.