5 matches found
IPFire BE_NAME Parameter Command Injection Vulnerability
IPFire is an open source Linux distribution from the IPFire organization that is primarily used as a router and firewall. A command injection vulnerability exists in the IPFire BENAME parameter, which stems from improper handling of the BENAME parameter when installing a blacklist, and can be...
EUVD-2025-36507
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...
CVE-2025-34312 IPFire < v2.29 Command Injection via URL Filter Blacklist
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BENAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST ...
CVE-2025-34312
IPFire
PT-2025-44171
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 contain a command injection issue. An authenticated attacker can execute arbitrary commands as the 'nobody' user. This occurs through the B...