AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote malicious users to execute commands via shell metacharacters.
source: wwwsecurityfocuscom/bid/762/info
Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely This is due to poor sanity checking on user supplied data
wwwxxxyy/cgi-bin/inputbat?|dir\\windows
...