Product
Modoboa versions 2.7.0 and earlier are vulnerable to OS command injection, allowing a Reseller or SuperAdmin to execute arbitrary OS commands on the server by injecting shell metacharacters into a domain name due to unsanitized input in the `exec_cmd()` function.