CVE-2017-9757

Name of the Vulnerable Software and Affected Versions IPFire version 2.19

Description The issue concerns a Remote Command Injection in the ids.cgi component via the OINKCODE parameter. This parameter is mishandled by a shell, allowing exploitation. Authenticated users can exploit this directly, or it can be exploited through CSRF.

Recommendations For IPFire version 2.19, consider restricting access to the ids.cgi component and the OINKCODE parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the OINKCODE parameter in the affected ids.cgi component until a patch is available.