WeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the sk.cgi.in script. This allows users to execute shell commands with the privileges of the web server.
Upgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.