KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
klogserver klog server 2.4.1