An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
Published October 7, 2021.
Zammad Zammad
