PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.

execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.