board.cgi in Sepal SPBOARD 4.5 allows remote malicious users to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.
sepal spboard 4.5