Skip to main content

Ipfire CVE-2018-16232

HIGH
OS Command Injection (CWE-78)
2018-10-17 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 17, 2018 - 14:29 nvd
HIGH 8.8

DescriptionNVD

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.

AnalysisAI

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands. Affected products include: Ipfire. Version information: before 2.21.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

More in Ipfire

View all
CVE-2017-9757 HIGH POC
8.8 Jun 19

IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a

CVE-2021-33393 HIGH POC
8.8 Jun 09

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. Ra

CVE-2019-25399 MEDIUM POC
6.4 Feb 18

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that

CVE-2019-25398 MEDIUM POC
6.1 Feb 18

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow

CVE-2019-25397 MEDIUM POC
6.1 Feb 18

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script tha

CVE-2019-25396 MEDIUM POC
6.1 Feb 18

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that

CVE-2019-25400 MEDIUM POC
5.4 Feb 18

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script t

CVE-2022-36368 MEDIUM
4.8 Oct 24

Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a

CVE-2025-50975 MEDIUM POC
5.4 Aug 26

IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT

CVE-2025-50976 MEDIUM POC
6.1 Aug 26

IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK,

CVE-2025-50974 MEDIUM POC
6.5 Aug 26

The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied

Share

CVE-2018-16232 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy