We have discovered a security exploit in all versions of WebGUI beyond 6.3.0. This exploit will allow users to run arbitrary code on your server. The simplest way to resolve the problem is to upgrade to WebGUI 6.7.6 or higher. However, we know that you can't always do that immediately, so we've also provided simple patching instructions:
1) Edit lib/WebGUI/Asset.pm
2) Add the following line as the first line in the www_add method:
return "" unless ($session{form}{class} =~ m/^[A-Za-z0-9\:]+$/);
3) Save the file
4) Restart apache.