A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.
https://packetstormsecurity.com
https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/