Code execution and CSRF in web interface.
vulners.com/securityvulns/securityvulns:doc:32161
vulners.com/securityvulns/securityvulns:doc:32162