Filtered by vendor Ipfire
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34304 | 1 Ipfire | 1 Ipfire | 2025-11-03 | 6.5 Medium |
| IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range of OpenVPN connection logs, the application issues an HTTP POST request to the Request-URI /cgi-bin/logs.cgi/ovpnclients.dat and inserts the value of the CONNECTION_NAME parameter directly into the WHERE clause without proper sanitization or parameterization. The unsanitized value can alter the executed query and be used to disclose sensitive information from the database. | ||||
| CVE-2025-34303 | 1 Ipfire | 1 Ipfire | 2025-11-03 | 5.4 Medium |
| IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNORE_ENTRY_REMARK parameter when adding a whitelisted host. When a whitelisted host is added, an HTTP POST request is sent to the Request-URI /cgi-bin/ids.cgi and the remark for the entry is provided in the IGNORE_ENTRY_REMARK parameter. The value of this parameter is stored and later rendered in the web interface without proper sanitization or encoding, allowing injected scripts to execute in the context of other users who view the affected whitelist entry. | ||||
| CVE-2025-34302 | 1 Ipfire | 1 Ipfire | 2025-11-03 | 5.4 Medium |
| IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST request with the ACTION parameter set to saveservice, and the protocol type is specified in the PROT parameter. The value of this parameter is stored and later rendered in the web interface without proper sanitization or encoding, allowing injected scripts to execute in the context of other users viewing the affected service entry. | ||||
| CVE-2025-34301 | 1 Ipfire | 1 Ipfire | 2025-11-03 | 5.4 Medium |
| IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRY_CODE parameter when creating a location group. When a user adds a new location group, the application issues an HTTP POST request with the ACTION parameter set to savelocationgrp, and the value of the COUNTRY_CODE parameter determines the flag displayed for that group. The value of this parameter is stored and later rendered in the web interface without proper sanitization or encoding, allowing malicious scripts to be executed in the context of other users viewing the affected page. | ||||
| CVE-2025-50974 | 1 Ipfire | 1 Ipfire | 2025-09-09 | 6.5 Medium |
| The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of the following parameters BYTE_UNIT, DAY_BEGIN, DAY_END, HIST_LEVEL, MONTH_BEGIN, MONTH_END, NUM_CONTENT, NUM_DOMAINS, NUM_HOSTS, NUM_URLS, PERF_INTERVAL, YEAR_BEGIN, YEAR_END. | ||||
| CVE-2025-50976 | 1 Ipfire | 1 Ipfire | 2025-09-09 | 6.1 Medium |
| IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2025-50975 | 1 Ipfire | 1 Ipfire | 2025-09-09 | 5.4 Medium |
| IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed whenever another admin views the firewall rules page, enabling session hijacking, unauthorized actions within the interface, or further internal pivoting. Exploitation requires only high-privilege GUI access, and the complexity of the attack is low. | ||||
| CVE-2022-36368 | 1 Ipfire | 1 Ipfire | 2025-05-07 | 4.8 Medium |
| Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script. | ||||
| CVE-2017-9757 | 1 Ipfire | 1 Ipfire | 2025-04-20 | N/A |
| IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. | ||||
| CVE-2021-33393 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 8.8 High |
| lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well. | ||||
| CVE-2020-21142 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi. | ||||
| CVE-2020-19204 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 5.4 Medium |
| An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripting in the Routing Table Entries. | ||||
| CVE-2020-19202 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 5.4 Medium |
| An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page. | ||||
| CVE-2018-16232 | 1 Ipfire | 1 Ipfire | 2024-11-21 | 8.8 High |
| An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands. | ||||