User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for
arbitrary code execution.Read More