An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.385
Published
2018-10-17
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
CVSS Score
8.8
EPSS Score
0.779
Published
2017-06-19
Page 4