Ipfire Project Ipfire vulnerabilities
2 known vulnerabilities affecting ipfire_project/ipfire.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-34116P2HIGHCVSS 8.7PoCfixed in 2.19 Core Update 1012025-07-15
CVE-2025-34116 [HIGH] CWE-20 CVE-2025-34116: A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via th
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
nvd
CVE-2022-36368P4MEDIUMCVSS 4.8vversions prior to 2.272022-10-24
CVE-2022-36368 [MEDIUM] CWE-79 CVE-2022-36368: Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions pr
Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.
nvd