tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file.