2 matches found
CVE-2026-34792
CVE-2026-34792 – Endian Firewall : Affects Endian Firewall 3.3.25 and prior. An authenticated user can execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE value builds a file path that is passed to a Perl open() call, allowing command injection due to incomp...
CVE-2026-34792 Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...