3 matches found
IPFire Firewall Web Interface Command Injection (CVE-2018-16232)
A command injection vulnerability exists in the web interface of IPFire firewall. The vulnerability is due to improper validation of user-supplied requests in the backup.cgi script. Successful exploitation could lead to arbitrary command injection as the nobody user...
CVE-2018-16232
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands...
CVE-2018-16232
IPFire Firewall (before 2.21 Core Update 124) is affected by an authenticated command injection in backup.cgi. An authenticated user with page privileges can execute arbitrary commands on the system. The vulnerability is triggered via the web interface, and exploitation would run with the affecte...