Tenable SecurityCenter PHP Character Handling (TNS-2015-09)
High Nessus Plugin ID 89027
The remote application is affected by a character handling vulnerability in the bundled version of PHP.
The SecurityCenter application installed on the remote host contains a bundled version of PHP that is prior to 5.4.43. It is, therefore, affected by an exclamation mark character handling issue in the escapeshellcmd() and escapeshellarg() PHP functions. A remote attacker can exploit this to substitute environment variables.
Apply the relevant patch as referenced in the vendor advisory.