An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command.