In Caldera (versions <=2.8.1) the Human plugin passes the unsanitized `name` parameter straight into a Python `os.system()` call. Because `os.system()` hands its argument to the system shell, an attacker who controls `name` can embed shell metacharacters (e.g. backticks "``" or dollar-parenthesis "$()") to break out of the intended command and execute arbitrary shell commands with the privileges of the Caldera server process.
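The pattern described above, as an added example that is not the plugin's own code: the command template below is a hypothetical stand-in for whatever the plugin actually builds (only the shape matters, an untrusted `name` interpolated into a string that a shell will parse). `subprocess.run(..., shell=True)` is used in place of `os.system()` so the output can be captured and compared; the shell behaviour is the same. Beside it are two fixes: dropping the shell entirely by passing an argument list, and additionally rejecting any `name` outside a strict allow-list, which is what an input-validation patch would do.

```python
import re
import subprocess

# Hypothetical command template standing in for the plugin's real one
# (not reproduced here). `name` is untrusted, attacker-controlled input.
COMMAND_TEMPLATE = "echo user={name}"

# Allow-list for the hardened variant: this character set is an assumption
# chosen for the example, not the project's own validation rule.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def build_vulnerable_command(name: str) -> str:
    """Mirror the unsafe pattern: untrusted input pasted into a shell string."""
    return COMMAND_TEMPLATE.format(name=name)


def run_vulnerable(name: str) -> str:
    """Equivalent of os.system(cmd): the whole string goes to /bin/sh -c.

    Metacharacters in `name` are interpreted by the shell, so
    "alice$(echo pwned)" runs `echo pwned` as a command substitution.
    """
    result = subprocess.run(
        build_vulnerable_command(name), shell=True,
        capture_output=True, text=True,
    )
    return result.stdout.strip()


def run_without_shell(name: str) -> str:
    """Fix 1: no shell at all. Each list element is one argv entry, so
    "$()" and backticks are passed to `echo` as literal characters."""
    result = subprocess.run(
        ["echo", f"user={name}"], capture_output=True, text=True,
    )
    return result.stdout.strip()


def is_valid_name(name: str) -> bool:
    """Fix 2: strict allow-list. Returns True only for names made of the
    permitted characters; anything with `$`, backtick, `;`, space, etc. fails."""
    return NAME_RE.fullmatch(name) is not None


def run_safe(name: str) -> str:
    """Both fixes combined: validate first, then invoke without a shell."""
    if not is_valid_name(name):
        raise ValueError(f"rejected name: {name!r}")
    return run_without_shell(name)


if __name__ == "__main__":
    # Constructed inputs: a benign name and two injection payloads.
    for candidate in ("alice", "alice$(echo pwned)", "alice`echo pwned`"):
        print("vulnerable :", run_vulnerable(candidate))
        print("no-shell   :", run_without_shell(candidate))
        print("validated  :", is_valid_name(candidate))
```

Running it on a POSIX system, the vulnerable path prints `user=alicepwned` for both payloads, showing the substituted command ran, while the no-shell path echoes the payload back verbatim. Note that the argument-list form alone already closes the injection; the allow-list is defence in depth so that a later refactor back to a shell string does not silently reopen it.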
The vendor's disclosure for this vulnerability can be found here.
This vulnerability requires:
- Valid user credentials
More details and the exploitation process can be found in this PDF.