The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.Referenceshttps://bugzilla.redhat.com/show_bug.cgi?id=1252813http://rhn.redhat.com/errata/RHSA-2015-1700.html
