Old as the hills and still being perpetrated
"The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software."
When, oh when, will developers accept that specific, white-list-based, context-dependent validation is essential for every input?
It's far from sufficient to declare that you "haven't heard of our cock-up being abused", particularly as it's so simple to avoid making it in the first place.
Anyone heard of OWASP?