By leveraging shortcomings in a previous patch, security researchers from Checkmarx found that an attacker could send malicious API requests that resulted in RCE.