install/index.php in Exponent CMS 2.3.9 allows remote malicious users to execute arbitrary commands via shell metacharacters in the sc array parameter.
exponentcms exponent cms 2.3.9