awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability (CWE-78).
If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product.
Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the following patch to address this vulnerability.