USU Oracle Optimization is used to improve the performance of Oracle queries. command injection vulnerability exists in versions of USU Oracle Optimization prior to 5.17.5. The vulnerability stems from the fact that some common OS commands are blocked, but OS commands for base64 decoding are not blocked, and an authenticated DataCollection attacker can exploit this vulnerability to launch any shell command from the server as root on the agent.