CVE-2018-5694

The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt