By taking advantage of a shell command injection vulnerability in the stored procedure, a user could still execute an arbitrary operating system command.