Описание
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
Ссылки
EPSS
Процентиль: 98%
0.56873
Средний
Дефекты
CWE-20
Связанные уязвимости
github
7 месяцев назад
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
EPSS
Процентиль: 98%
0.56873
Средний
Дефекты
CWE-20