Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
devcert-sanscache allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization.