The host is installed with OpenSSH through 8.3p1 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp.c toremote function. Successful exploitation could allow remote attackers to pass a backtick enabled payload as file name and when local scp command is executed, local shell will also execute backtick enabled payload.