This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.
CVE Link
Exploit Type - Old
Exploits/Remote
Product Name