CVE-2009-1525
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
Date published : 2009-05-05
http://www.directadmin.com/features.php?id=968
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html