admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.Referenceshttp://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html
