Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
(CWE-78)
Summary
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.