badaso/core is vulnerable to arbitrary code executions. The vulnerability exists because the __construct()
function of BadasoAuthController.php
does not properly validate the data uploaded by the users, allowing an attacker to inject and execute malicious commands.