CVE-2020-19202
- EPSS 0.31%
- Published 17.06.2021 16:15:07
- Last modified 21.11.2024 05:09:01
An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privilege...
- EPSS 72.18%
- Published 09.06.2021 22:15:08
- Last modified 21.11.2024 06:08:47
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is lat...
CVE-2018-16232
- EPSS 38.48%
- Published 17.10.2018 14:29:01
- Last modified 21.11.2024 03:52:20
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
CVE-2017-9757
- EPSS 77.89%
- Published 19.06.2017 13:29:00
- Last modified 20.04.2025 01:37:25
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.