ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
zrlog zrlog 2.2.2