The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.