A flaw could allow remote execution of user provided PHP code.  No technical details yet about CVE-2019-6340 but a patch has been released.