Insufficient filtering of command parameters during external program incovation allows remote code execution.
vulners.com/securityvulns/securityvulns:doc:8822