A vulnerability exists in GroundWork 6.7.0. The vulnerability exists in the monarch_scan.cgi where user controlled input is used in a perl function. This allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution.