CVE-2017-14535by Jeremyin Security Bulletinson Posted on February 16, 2018 trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.