QuickBox Pro versions 2.1.8 and below suffer from an authenticated remote code execution vulnerability.