CVE-2021-38169

Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.