IPFire ids.cgi OINKCODE Parameter Command Injection (CVE-2017-9757)

A command injection vulnerability exists in the ids.cgi script of IPFire. The vulnerability is due to incorrect handling of the OINKCODE HTTP parameter. A remote authenticated attacker may exploit this vulnerability by sending a crafted request to the vulnerable CGI script...

CVE-2017-9757

IPFire 2.19 contains a remote command injection vulnerability in the ids.cgi script via the OINKCODE parameter. The issue is triggered when the shell mishandles the input, allowing an attacker to execute commands. Exploitation can occur by authenticated users or via CSRF, according to CVE-2017-97...

CVE-2017-9757

IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. Recent assessments: h00die at March 25, 2020 12:10am UTC reported: Authentication is required,...

IPFire proxy.cgi RCE

IPFire, a free linux based open source firewall distribution, version 'IPFire proxy.cgi RCE', 'Description' = %q IPFire, a free linux based open source firewall distribution, version 'h00die ', module '0x09AL' discovery , 'References' = 'CVE', '2017-9757' , 'EDB', '42149' , 'License' = MSFLICENSE...