漏洞描述
【漏洞对象】IP.Board页面-SQL注入 【涉及版本】IP.Board页面-SQL注入 【漏洞描述】 IPFire 路由设备ids.cgi文件OINKCODE 参数过滤不严,可导致远程命令执行。
IPFire 2.19 Firewall Post-Auth远程命令执行
PoC代码
暂无相关漏洞推荐
- Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞
- POC CVE-2012-4889: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
- POC CVE-2015-7780: ManageEngine Firewall Analyzer <8.0 - Local File Inclusion
- POC CVE-2019-19411: Huawei Firewall - Local File Inclusion
- POC CVE-2022-1040: Sophos Firewall <=18.5 MR3 - Remote Code Execution
- POC CVE-2022-2599: WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
- POC CVE-2022-30525: Zyxel Firewall - OS Command Injection
- POC CVE-2022-35413: WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
- POC CVE-2022-30525: Zyxel Firewall - OS Command Injection
- POC azure-sql-fw-rule-unalerted: Azure SQL Server Firewall Rule Create/Update/Delete Alert Not Configured
- POC gcloud-exclude-metadata-from-firewall-logging: Exclude Metadata from Firewall Logging
- POC gcloud-firewall-rule-logging-not-enabled: Enable Logging for VPC Firewall Rules
- POC gcloud-vpc-firewall-port-ranges: Check for VPC Firewall Rules with Port Ranges