Rick, a network administrator, discovered several unfamiliar files in the root directory of his FTP server. Among them, a binary file named "mfs" caught his attention. After reviewing the FTP server logs, he found that an anonymous user had logged in, uploaded the files, and executed a script using a function provided by the FTP software. Additionally, he noticed that the "mfs" file was running as an active process and listening on a network port. What type of vulnerability must exist for this attack to be possible?