Directory traversal vulnerability in Carello 1.3 allows remote malicious users to execute programs on the server via a .. (dot dot) in the VBEXE parameter.
pacific software carello 1.3