What is this bug?
This is a code execution exploit. What I mean by that is: It allows cheaters to execute SQF code from inside ArmA. This means they can run any scripts on your server without BattlEye interfering with them.
Why is this bad? It allows your server to be cheated on. Plain and simple. BattlEye can do nothing about this. You may wonder, why doesn’t BE just ban people for using this? The answer to that is quite simple as well. If BattlEye were to ban for this, they could subject any user to a false ban. You may have felt the effects of a Remote Execution or as it really should be dubbed Remote Code Execution on your server. If your server has ever been attacked where the hacker can: kill everyone, spawn a nuke, start a thunder dome, steal your server files or other extreme exploits of such nature, you have had a hacker with a Remote Execution on your server. If someone were to run the “Injection Code” on every player on your server, how could Battleye know who the actual cheater is and who the good guys are? It simply can’t. It can not determine who is abusing the injection and who happened to have it run on them via Remote Execution. This is why BattlEye can not ban for this.