QuickBox is a media server application and service management system from the QuickBox team. A code injection vulnerability exists in QuickBox Pro v2.5.8 and below due to a variable in the config.php file that accepts a GET parameter value and parses it as shell_exec() and fails to properly clean up any shell parameters. An attacker could use this vulnerability to remotely execute code.