Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2020-9576
Magento versions 2.3.4 and earlier 2.2.11 and earlier (see note) 1.14.4.4 and earlier and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.