An issue in Alfresco Content Services v.23.3.0.7 allows a remote malicious user to execute arbitrary code via the Transfer Service.