An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote malicious user to execute arbitrary code via the manager/ipping.php component.