A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a userβs profile. This can lead to code execution on the server when the userβs profile is accessed.