network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.