The 'man.sh' CGI script contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the script not properly sanitizing user-supplied input. It is possible that the flaw may allow a remote attacker to execute arbitrary commands with the privileges of the Web server resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Robert Moniot has released an unofficial patch to address this vulnerability.