core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
https://www.exploit-db.com/exploits/3998
https://exchange.xforce.ibmcloud.com/vulnerabilities/34543
http://www.securityfocus.com/bid/24185
http://www.fundanemt.org/newsarchive/?number=23