Apache LDAP Studio versions 0.6.0 to 0.8.1 and Apache Directory Studio versions 1.0.0 to 2.0.0-M9 suffer from a command injection vulnerability.