Name of the Vulnerable Software and Affected Versions:

Vaelsys version 4.1.0

Description:

A critical issue exists in Vaelsys 4.1.0 related to os command injection. The `execute DataObjectProc` function within the `/grid/vgrid server.php` file is vulnerable. Manipulation of the `xajaxargs` argument can lead to unauthorized command execution. The exploit has been publicly disclosed.

Recommendations:

As a temporary workaround, consider restricting access to the `/grid/vgrid server.php` file until a patch is available.

Avoid using the `xajaxargs` argument in the affected file `/grid/vgrid server.php` until the issue is resolved.