Vendor
OpenHarness versions prior to commit dd1d235 are vulnerable to command injection, allowing remote gateway users with chat access to execute administrative commands and alter system permissions.