templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter.Referenceshttp://www.statsdawg.org/https://exchange.xforce.ibmcloud.com/vulnerabilities/33283
