snipe/snipe-it is vulnerable to remote code execution. The vulnerability exists in the Select User
function under the People Menu
component which allows an attacker with admin privileges to inject remote code to a user via maliciously crafted pdf files.