JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection

QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability (CWE-78).

Impact

An attacker may execute an arbitrary OS command with the web server’s execution privilege.

Solution

Consider stop using QQQ SYTEMS 2.24
Since the developer was unreachable, it is unknown whether any mitigations exist.