This page is vulnerable to Argument Injection. A web application is vulnerable to argument injection when untrusted inputs are passed as arguments when executing a specific command. An attacker can manipulate the arguments passed to the process to trigger an OS command injection.
Assume all input is malicious. Use a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.