CVE-2025-34116: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in IPFire Project IPFire
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
CVE-2025-34116: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in IPFire Project IPFire
Description
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2025-04-15T19:15:22.560Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 687654a5a83201eaaccea549
Added to database: 7/15/2025, 1:16:21 PM
Last updated: 7/15/2025, 1:16:21 PM
Views: 1
Related Threats
CVE-2025-34115: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ITRS Group OP5 Monitor
HighCVE-2025-34113: CWE-306 Missing Authentication for Critical Function in Tiki Software Community Association Wiki CMS Groupware
HighCVE-2025-34112: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Riverbed Technology SteelCentral NetExpress
CriticalCVE-2025-34111: CWE-434 Unrestricted Upload of File with Dangerous Type in Tiki Software Community Association Wiki CMS Groupware
CriticalCVE-2025-34110: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ColoradoFTP Server
CriticalActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.