Name of the Vulnerable Software and Affected Versions wxchangba versions (affected versions not specified)

Description The issue concerns a Command Injection problem. It arises because the package fails to validate user input on the reqPostMaterial function. Specifically, the contents of the file parameter are passed to an exec call, which may allow attackers to run arbitrary commands in the system.

Recommendations Consider using an alternative module until a fix is made available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.