WebAccess/NMS (versions before 3.0.2) does not properly sanitize user input and may allow an malicious user to inject system commands remotely.
advantech webaccess\\/nms