showCode.php in xml2owl 0.1.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in the path parameter.
xml2owl xml2owl 0.1.1