Remote Command Injection
Some code does not sanitize user supplied input before passing it to the System() function for execution. If this API is used in the context of a RoR application remote commands can be injected into the shell if the user supplies shell meta characters like ; and &.