A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows malicious users to execute arbitrary code via supplying a crafted .sabredav file.
afterlogic aurora files 9.7.3