Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
https://github.com/accellion/CVEs
https://github.com/accellion/CVEs/blob/main/CVE-2021-27104.txt