diff --git a/interface/lib/classes/validate_cron.inc.php b/interface/lib/classes/validate_cron.inc.php
index 888fdd5cb718c2d084aa6db8a49b2851cd03aedd..3c78ae1404cd050a2341c5858c37904a814ab6ae 100644
--- a/interface/lib/classes/validate_cron.inc.php
+++ b/interface/lib/classes/validate_cron.inc.php
@@ -53,6 +53,10 @@ class validate_cron {
 			if($parsed["scheme"] != "http" && $parsed["scheme"] != "https") return $this->get_error($validator['errmsg']);
 
 			if(preg_match("'^([a-z0-9][a-z0-9_\-]{0,62}\.)+([A-Za-z0-9\-]{2,63})$'i", $parsed["host"]) == false) return $this->get_error($validator['errmsg']);
+
+			if(strpos($field_value, '\\') !== false) {
+				return $this->get_error($validator['errmsg']);
+			}
 		}
 		if(strpos($field_value, "\n") !== false || strpos($field_value, "\r") !== false || strpos($field_value, chr(0)) !== false) {
 			return $this->get_error($validator['errmsg']);
diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
index 873c941a4f8ba03ddd39d3264fdfdd65e2b124a5..13b428a9363372aada9c7ce714e192280119518d 100644
--- a/server/plugins-available/cron_plugin.inc.php
+++ b/server/plugins-available/cron_plugin.inc.php
@@ -254,6 +254,11 @@ class cron_plugin {
 
 				$cron_line .= "\t{$this->parent_domain['system_user']}"; //* running as user
 				if($job['type'] == 'url') {
+					// Check that command does not contain a backslash
+					if (strpos($job['command'], '\\') !== false) {
+						$app->log("Insecure Cron job SKIPPED: " . $job['command'], LOGLEVEL_WARN);
+						continue;
+					}
 					$cron_line .= "\t{$cron_config['wget']} --no-check-certificate --user-agent='Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0' -q -t 1 -T 7200 -O " . $log_wget_target . " " . escapeshellarg($job['command']) . " " . $log_target;
 				} else {
 					$web_root = '';