Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.

Improper Neutralization of Special Elements used in an OS Command in Blamer