Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options.
https://support.raynet.de/hc/en-us/articles/19518792826132-RVY200865-RayVentory-12-6