Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows malicious users to run arbitrary commands via the Group Name field under the add forms section of the application.