The HTTP interface of Synaman v5.1 and below exists to allow authenticated malicious users to execute arbitrary code and escalate privileges.
synametrics synaman