Usermin is vulnerable to an arbitrary command execution in the email signature configuration due to a lack of sanitization on the signature file parameter.
CVE Link
Exploit Platform
Product Name