With SITE EXEC command from local interface it's possible to execute any command with system privileges.
vulners.com/securityvulns/securityvulns:doc:6590