The Create Discoveries feature of Open-AudIT prior to 3.2.0 allows an authenticated malicious user to execute arbitrary OS commands via a crafted value for a URL field.
opmantek open-audit