User supplied data is not controlled during the call to external application
vulners.com/securityvulns/securityvulns:doc:3911