wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.