Translations:Category:Extensions with arbitrary execution vulnerabilities/2/en

Usually, this means using something like $1, $2, $3, $4 and even $5 functions on unescaped user input.